Lucene search

17 matches found

RedhatCVE (added 2025/08/11 2:30 a.m.)

CVE-2025-54417

Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...

CVSS 8.8 · AI score 8.7 · EPSS 0.1639 · Exploits 1 · References 1

NVD (added 2025/08/09 2:15 a.m.)

CVE-2025-54417

Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...

CVSS 8.8 · EPSS 0.00077 · Exploits 0 · References 2

OSV (added 2025/08/09 1:31 a.m.)

CVE-2025-54417 Craft contains a theoretical bypass for CVE-2025-23209

Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these...

CVSS 7.7 · AI score 8.8 · EPSS 0.00077 · Exploits 0 · References 4

CVE (added 2025/08/09 1:31 a.m.)

CVE-2025-54417

CVE-2025-54417 affects Craft CMS: versions 4.13.8–4.16.2 and 5.5.8–5.8.3 contain a bypass of CVE-2025-23209, requiring a compromised security key and the ability to create a file under Craft’s /storage/backups. Under these conditions, a crafted request to /updater/restore-db could trigger remote code...

CVSS 8.8 · AI score 9.6 · EPSS 0.00077 · Exploits 0 · References 2 · Affected software 1

Snyk (added 2025/08/08 7:32 p.m.)

Arbitrary Code Injection

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection via the /updater/restore-db endpoint. An attacker can execute arbitrary code by crafting a malicious request after obtaining a compromised security key and creating a...

CVSS 8.8 · AI score 8.1 · EPSS 0.00077 · Exploits 0 · References 2

Github Security Blog (added 2025/08/08 7:32 p.m.)

Craft CMS has a theoretical bypass for CVE-2025-23209

Pre-requisites: (1) have a compromised security key (https://craftcms.com/knowledge-base/securing-craftkeep-your-secrets-secret); (2) somehow manage to create an arbitrary file in Craft’s /storage/backups folder. With those two pieces in place, you could create a specific, malicious request to the...

CVSS 8.8 · AI score 9.8 · EPSS 0.1639 · Exploits 1 · References 5 · Affected software 1

Positive Technologies (added 2025/08/08 12:00 a.m.)

PT-2025-32419 · Craft · Craft

Name of the vulnerable software and affected versions: Craft versions 4.13.8 through 4.16.2; Craft versions 5.5.8 through 5.8.3.
Description: Craft is a platform for creating digital experiences. A vulnerability exists that allows bypassing security measures, potentially leading to remote code...

CVSS 8.1 · AI score 10 · EPSS 0.1639 · Exploits 1 · References 11

Vulnrichment (added 2025/04/16 12:00 a.m.)

CVE-2024-55372

Wallos <= 2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore the database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious fil...

AI score 9.8 · EPSS 0.00868 · Exploits 1 · References 1

CVE (added 2025/04/16 12:00 a.m.)

CVE-2024-55372

CVE-2024-55372 concerns Wallos

CVSS 9.8 · AI score 7.7 · EPSS 0.00868 · Exploits 1 · References 1 · Affected software 1

RedhatCVE (added 2025/04/06 5:04 p.m.)

CVE-2025-32246

Missing Authorization vulnerability in Tim Nguyen 1-Click Backup & Restore Database (1-click-backup-restore-database-by-sunbytes) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 1-Click Backup & Restore Database: from n/a through <= 1.0.3...

CVSS 5.4 · AI score 7.2 · EPSS 0.00144 · Exploits 0 · References 1

OSV (added 2022/08/10 8:16 p.m.)

CVE-2022-38130

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as its single parameter. An unauthenticated, remote attacker can specify a UNC path for the database file, i.e., \\sms,...

CVSS 9.8 · AI score 5.8 · Exploits 0 · References 1

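The Wallos (CVE-2024-55372), Keysight (CVE-2022-38130) and Craft (CVE-2025-54417) entries above share one failure mode: a restore-database handler trusts something it should not, namely the caller (no authentication), the archive contents (ZIP members written straight onto the server), or the path it is handed (a UNC path, or a file planted under /storage/backups). The following is an added example and is not code from any of those projects; it shows how a hardened handler authorizes the caller and validates an uploaded backup archive from its central directory before any member is extracted. The `.sql`-only policy, the size limit, the `is_admin` user field and all sample archives are assumptions constructed for the demonstration.

```python
import io
import zipfile
from typing import Optional

# Policy assumptions for this example (not taken from any advisory on the page):
# a restore archive may only carry .sql dump files of bounded size.
ALLOWED_SUFFIXES = (".sql",)
MAX_ENTRY_BYTES = 50 * 1024 * 1024


class RestoreRejected(ValueError):
    """Raised when an uploaded archive fails validation; nothing is extracted."""


def is_safe_member_name(name: str) -> bool:
    """Accept only a relative file path inside the archive.

    Rejects directory entries, absolute and UNC paths (\\\\host\\share\\...),
    drive-letter paths (C:\\...) and any '.' or '..' component, so that an
    archive member can never resolve outside the restore directory.
    """
    if not name:
        return False
    normalized = name.replace("\\", "/")
    if normalized.endswith("/"):                      # directory entry, not a dump
        return False
    if normalized.startswith("/"):                    # absolute, or UNC as //host/share
        return False
    if len(normalized) > 1 and normalized[1] == ":":  # drive letter
        return False
    if any(part in ("", ".", "..") for part in normalized.split("/")):
        return False
    return True


def validate_backup_archive(data: bytes) -> list:
    """Return the member names that would be restored, or raise RestoreRejected.

    Only the central directory is inspected; no member is extracted, so a
    rejected archive never places a file on the server.
    """
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise RestoreRejected(f"not a zip archive: {exc}") from exc

    accepted = []
    with archive:
        for info in archive.infolist():
            name = info.filename
            if not is_safe_member_name(name):
                raise RestoreRejected(f"unsafe path in archive: {name!r}")
            if not name.lower().endswith(ALLOWED_SUFFIXES):
                raise RestoreRejected(f"unexpected file type in archive: {name!r}")
            if info.file_size > MAX_ENTRY_BYTES:
                raise RestoreRejected(f"member too large: {name!r}")
            accepted.append(name)
    if not accepted:
        raise RestoreRejected("archive contains no SQL dump")
    return accepted


def handle_restore_request(user: Optional[dict], upload: bytes) -> list:
    """What a web handler would call: authorize the caller, then validate the payload."""
    # Missing-authorization bug class: decide on the caller before touching the upload.
    if user is None or not user.get("is_admin", False):
        raise PermissionError("restore-db requires an authenticated administrator")
    return validate_backup_archive(upload)


def restore_outcome(user: Optional[dict], upload: bytes) -> str:
    """Map the handler's result to a short status string for logging."""
    try:
        return "accepted " + ",".join(handle_restore_request(user, upload))
    except PermissionError:
        return "denied"
    except RestoreRejected as exc:
        return "rejected: " + str(exc)


def make_zip(entries: dict) -> bytes:
    """Build an in-memory archive with exactly the given member names (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)   # writestr keeps '..' and '\\' in names as given
    return buf.getvalue()


if __name__ == "__main__":
    admin = {"name": "ops", "is_admin": True}   # assumed user record shape
    # Constructed sample archives, not taken from any advisory on this page.
    print(restore_outcome(admin, make_zip({"wallos.sql": b"CREATE TABLE t (id INT);"})))
    print(restore_outcome(None, make_zip({"wallos.sql": b""})))
    print(restore_outcome(admin, make_zip({"wallos.sql": b"", "shell.php": b"<?php ?>"})))
    print(restore_outcome(admin, make_zip({"../../var/www/html/shell.php": b"x"})))
    print(restore_outcome(admin, make_zip({"\\\\sms\\share\\db.sql": b"x"})))
    print(restore_outcome(admin, b"not a zip at all"))
```

The ordering matters: the authorization check runs before the archive is even parsed, the path and type checks run against the central directory, and only the names returned by `validate_backup_archive` should afterwards be opened with `archive.open(info)` and written under the restore directory. A UNC or absolute path supplied as the archive location (the Keysight case) should be rejected by the same `is_safe_member_name` logic applied to the path parameter before it is ever opened.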
CNVD (added 2019/07/02 12:00 a.m.)

Odoo Access Control Error Vulnerability (CNVD-2019-30569)

Odoo is an open source commercial system from the Belgian company Odoo. An access control error vulnerability exists in the database manager component of Odoo, which can be exploited by an attacker to restore a database and change arbitrary passwords...

CVSS 9.8 · AI score 6.9 · EPSS 0.00726 · Exploits 0 · References 1

securityvulns (added 2012/04/19 12:00 a.m.)

Microsoft SQL Server privilege escalation

Privilege escalation via RESTORE DATABASE...

AI score 3.5 · Exploits 0 · References 1 · Affected software 1

seebug.org (added 2012/04/12 12:00 a.m.)

Microsoft SQL Server Privilege Escalation / SQL Injection

AppSecInc Team SHATTER Security Advisory: privilege escalation via internal SQL injection in the RESTORE DATABASE command.
Risk level: Medium
Affected versions: Microsoft SQL Server 2005, 2008, 2008 R2
Remote exploitable: Yes
Credits: This vulnerability was discovere...

AI score 7.1 · Exploits 0

exploitpack (added 2010/04/01 12:00 a.m.)

Kwik Pay Payroll 4.10.3 - .zip Denial of Service

Exploit title: Kwik Pay Payroll .zip DoS
Date: April 1, 2010
Tested on: Windows XP SP3
Cost: 100.00 AU
Author: anonymous
Site: http://www.setfreesecurity.com
Steps: File - Restore Database - Find; locate the zip file; click the restore button at the bottom...

AI score 0.1 · Exploits 0

0day.today (added 2006/05/13 12:00 a.m.)

phpBB <= 2.0.20 (Admin/Restore DB/default_lang) Remote Exploit

Exploit for unknown platform in category web applications. Fragment of the exploit source: phpBB ... you need an admin sid, works regardless of magic_quotes_gpc settings\r\n"; echo "tested and working against a fresh PhpBB installation\r\n\r\n"; if ($argc<5) echo "Usage: php...

AI score 7.1 · Exploits 0

seebug.org (added 2006/05/13 12:00 a.m.)

phpBB <= 2.0.20 (Admin/Restore DB/default_lang) Remote Exploit

Fragment of the exploit source: #!/usr/bin/php -q -d short_open_tag=on <? echo "PhpBB <= v2.0.20 "Admin/Restore Database/default_lang" remote commands execution\r\n"; echo "by rgod\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "- you need an admin sid, works regardles...

AI score 7.1 · Exploits 0
