Lucene search
K

5 matches found

Nuclei
Nuclei
added 10 hours ago9 views

phpVMS < 7.0.6 - Legacy Importer Authorization Bypass

phpVMS 7.0.6 contains an authentication bypass caused by unauthenticated access to a legacy import feature, letting unauthenticated attackers access restricted functionality, exploit requires no special privileges. id: CVE-2026-42569 info: name: phpVMS 7.0.6 - Legacy Importer Authorization Bypass...

9.4CVSS6.1AI score0.01173EPSS
Exploits1References3
CVE
CVE
added 2026/05/09 7:21 p.m.24 views

CVE-2026-42569

phpVMS 7.x prior to 7.0.6 contains a critical, unauthenticated access flaw in the legacy importer feature that allows manipulation or deletion of data via the importer path. The weakness affects phpVMS 7.x up to 7.0.5 and was fixed in 7.0.6 (with later advisory notes referencing 7.0.7 for mitigat...

9.4CVSS5.8AI score0.01173EPSS
Exploits1References4
OSV
OSV
added 2026/05/04 9:20 p.m.4 views

GHSA-FV26-4939-62FH phpVMS has an /importer authorization bypass causing full database wipe

Security Advisory: Unauthenticated Access to Legacy Import Feature Severity: Critical Affected versions: phpVMS 7.x up to 7.0.5 Fixed in: v7.0.6 Component: Legacy importer Summary A critical vulnerability in phpVMS 7.x allowed unauthenticated access to a legacy import feature. Although this featu...

9.4CVSS5.9AI score0.01173EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/04 9:20 p.m.15 views

phpVMS has an /importer authorization bypass causing full database wipe

Security Advisory: Unauthenticated Access to Legacy Import Feature Severity: Critical Affected versions: phpVMS 7.x up to 7.0.5 Fixed in: v7.0.6 Component: Legacy importer Summary A critical vulnerability in phpVMS 7.x allowed unauthenticated access to a legacy import feature. Although this featu...

9.4CVSS5.9AI score0.01173EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.11 views

PT-2026-36989

Name of the Vulnerable Software and Affected Versions phpVMS versions 7.x through 7.0.5 Description A critical issue in the legacy importer component allows unauthenticated access to a deprecated import feature. A remote attacker can trigger internal processes to modify or delete application data...

9.4CVSS5.8AI score0.01173EPSS
Exploits1References16
Rows per page
Query Builder