43 matches found

Cvelist
added 2026/06/15 6:43 p.m., 35 views

CVE-2026-49952 Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle

Discuz! X5.0 releases 20260320 through 20260501 contain an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the databa...

CVSS 9.3, EPSS 0.0046
Exploits: 1, References: 4
Vulnrichment
added 2026/06/15 6:43 p.m., 4 views

CVE-2026-49952 Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle

Discuz! X5.0 releases 20260320 through 20260501 contain an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the databa...

CVSS 9.3, AI score 5.6, EPSS 0.0046
Exploits: 1, References: 4
Positive Technologies
added 2026/06/15 12:00 a.m., 12 views

PT-2026-49307

Name of the Vulnerable Software and Affected Versions: Discuz! X5.0 versions 20260320 through 20260501. Description: An authentication bypass allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality. This is possible due to a shared cryptograph...

CVSS 9.3, AI score 5.5, EPSS 0.0046
Exploits: 1, References: 9
Cvelist
added 2026/04/17 11:25 p.m., 32 views

CVE-2026-40484 ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory, which performs no file...

CVSS 9.1, EPSS 0.00867
Exploits: 0, References: 3
CVE
added 2026/04/17 11:25 p.m., 8 views

CVE-2026-40484

ChurchCRM prior to version 7.2.0 is affected by an authenticated remote code execution in the database backup restore feature. The restore operation extracts uploaded archives and copies files from Images/ into the web root using recursiveCopyDirectory(), without file extension filtering, allowin...

CVSS 9.1, AI score 6.3, EPSS 0.00867
Exploits: 0, References: 3
Metasploit
added 2026/04/16 7:02 p.m., 263 views

ChurchCRM Database Restore RCE 6.2.0

This module exploits a Remote Code Execution (RCE) vulnerability in ChurchCRM versions prior to 6.2.0. The vulnerability resides in the Database Restore functionality, which allows an authenticated user with administrative privileges to upload a malicious backup file. By bypassing upload restrictio...

CVSS 9.1, AI score 6.2, EPSS 0.01381
Exploits: 3
Packet Storm
added 2026/04/16 12:00 a.m., 83 views

ChurchCRM Database Restore Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in ChurchCRM versions prior to 6.2.0. The vulnerability resides in the Database Restore functionality, which allows an authenticated user with administrative privileges to upload a malicious backup file. By bypassing upload...

CVSS 9.1, AI score 6.4, EPSS 0.01381
Exploits: 3
OSV
added 2026/04/02 6:42 p.m., 3 views

GO-2026-4873 Ella Core has Privilege Escalation via Database Restore by NetworkManager role in github.com/ellanetworks/core

Ella Core has Privilege Escalation via Database Restore by NetworkManager role in github.com/ellanetworks/core...

CVSS 7.2, AI score 5.9, EPSS 0.00388
Exploits: 0, References: 4
Positive Technologies
added 2026/04/02 12:00 a.m., 2 views

PT-2026-29928

Ella Core has Privilege Escalation via Database Restore by NetworkManager role in github.com/ellanetworks/core...

CVSS 7.2, AI score 5.9, EPSS 0.00388
Exploits: 0, References: 5
Vulnrichment
added 2026/03/27 8:56 p.m., 1 view

CVE-2026-33906 Ella Core has Privilege Escalation via Database Restore by NetworkManager role

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tamper...

CVSS 7.2, AI score 5.9, EPSS 0.00388
Exploits: 0, References: 3
CVE
added 2026/03/27 8:56 p.m., 13 views

CVE-2026-33906

CVE-2026-33906 concerns Ella Core, a 5G core for private networks. Prior to version 1.7.0, the NetworkManager role had backup/restore permissions, and the restore endpoint accepted any valid SQLite file without validating contents. An attacker with NetworkManager privileges could replace the prod...

CVSS 7.2, AI score 5.9, EPSS 0.00388
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/03/26 10:14 p.m., 1 view

GHSA-87J9-M7X6-HVW2 Ella Core has Privilege Escalation via Database Restore by NetworkManager role

Summary: The NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. Impact: A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management...

CVSS 7.2, AI score 5.9, EPSS 0.00388
Exploits: 0, References: 5
Github Security Blog
added 2026/03/26 10:14 p.m., 4 views

Ella Core has Privilege Escalation via Database Restore by NetworkManager role

Summary: The NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. Impact: A NetworkManager could replace the production database with a tampered copy to escalate to Admin, gaining access to user management...

CVSS 7.2, AI score 5.8, EPSS 0.00388
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2026/02/27 9:50 p.m., 20 views

CVE-2026-28409 WeGIA Vulnerable to Remote Code Execution (RCE) via OS Command Injection

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access, which can be obtained via the previously reported...

CVSS 10, EPSS 0.03315
Exploits: 1, References: 1
ATTACKERKB
added 2026/02/27 9:50 p.m., 5 views

CVE-2026-28409

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access, which can be obtained via the previously reported...

CVSS 10, AI score 6.3, EPSS 0.03315
Exploits: 1, References: 2, Affected Software: 1
Positive Technologies
added 2026/02/27 12:00 a.m., 4 views

PT-2026-22412

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.6.5. Description: WeGIA is a web manager for charitable institutions. A critical Remote Code Execution (RCE) issue exists in the application's database restoration functionality. An attacker with administrative access can...

CVSS 10, AI score 6.2, EPSS 0.03315
Exploits: 1, References: 14
CNVD
added 2025/12/25 12:00 a.m., 6 views

ChurchCRM Code Execution Vulnerability (CNVD-2026-0535893)

ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from the database restore feature not validating the content or extension of uploaded files, which can be exploited by an attacker to cause remote code execution...

CVSS 9.1, AI score 6.5, EPSS 0.01381
Exploits: 3, References: 1
Cvelist
added 2025/12/17 9:29 p.m., 18 views

CVE-2025-68109 ChurchCRM vulnerable to RCE with database restore functionality

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...

CVSS 9.1, EPSS 0.01381
Exploits: 3, References: 1
Vulnrichment
added 2025/12/17 9:29 p.m., 3 views

CVE-2025-68109 ChurchCRM vulnerable to RCE with database restore functionality

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...

CVSS 9.1, AI score 7.8, EPSS 0.01381
Exploits: 3, References: 1
ATTACKERKB
added 2025/12/17 9:29 p.m., 2 views

CVE-2025-68109

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...

CVSS 9.1, AI score 6.4, EPSS 0.01381
Exploits: 3, References: 3, Affected Software: 1