5 matches found
phpVMS < 7.0.6 - Legacy Importer Authorization Bypass
phpVMS 7.0.6 contains an authentication bypass caused by unauthenticated access to a legacy import feature, letting unauthenticated attackers access restricted functionality, exploit requires no special privileges. id: CVE-2026-42569 info: name: phpVMS 7.0.6 - Legacy Importer Authorization Bypass...
CVE-2026-42569
phpVMS 7.x prior to 7.0.6 contains a critical, unauthenticated access flaw in the legacy importer feature that allows manipulation or deletion of data via the importer path. The weakness affects phpVMS 7.x up to 7.0.5 and was fixed in 7.0.6 (with later advisory notes referencing 7.0.7 for mitigat...
GHSA-FV26-4939-62FH phpVMS has an /importer authorization bypass causing full database wipe
Security Advisory: Unauthenticated Access to Legacy Import Feature Severity: Critical Affected versions: phpVMS 7.x up to 7.0.5 Fixed in: v7.0.6 Component: Legacy importer Summary A critical vulnerability in phpVMS 7.x allowed unauthenticated access to a legacy import feature. Although this featu...
phpVMS has an /importer authorization bypass causing full database wipe
Security Advisory: Unauthenticated Access to Legacy Import Feature Severity: Critical Affected versions: phpVMS 7.x up to 7.0.5 Fixed in: v7.0.6 Component: Legacy importer Summary A critical vulnerability in phpVMS 7.x allowed unauthenticated access to a legacy import feature. Although this featu...
PT-2026-36989
Name of the Vulnerable Software and Affected Versions phpVMS versions 7.x through 7.0.5 Description A critical issue in the legacy importer component allows unauthenticated access to a deprecated import feature. A remote attacker can trigger internal processes to modify or delete application data...