CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22903 – Vinchin Backup And Recovery 7.2 SystemHandler.class.php Command Injection
https://notcve.org/view.php?id=CVE-2024-22903
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. Se descubrió que Vinchin Backup & Recovery v7.2 contiene una vulnerabilidad de ejecución remota de código (RCE) autenticada a través de la función deleteUpdateAPK. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in SystemHandler.class.php. • http://vinchin.com https://blog.leakix.net/2024/01/vinchin-backup-rce-chain https://seclists.org/fulldisclosure/2024/Jan/32 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22902 – Vinchin Backup And Recovery 7.2 Default Root Credentials
https://notcve.org/view.php?id=CVE-2024-22902
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. Se descubrió que Vinchin Backup & Recovery v7.2 estaba configurado con credenciales raíz predeterminadas. Vinchin Backup and Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability. • http://default.com http://vinchin.com https://blog.leakix.net/2024/01/vinchin-backup-rce-chain https://seclists.org/fulldisclosure/2024/Jan/31 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22901 – Vinchin Backup And Recovery 7.2 Default MySQL Credentials
https://notcve.org/view.php?id=CVE-2024-22901
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. Se descubrió que Vinchin Backup & Recovery v7.2 utiliza credenciales MYSQL predeterminadas. A critical security issue has been discovered in Vinchin Backup and Recovery version 7.2. The software has been found to use default MYSQL credentials, which could lead to significant security risks. • http://vinchin.com https://blog.leakix.net/2024/01/vinchin-backup-rce-chain https://seclists.org/fulldisclosure/2024/Jan/30 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22899 – Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection
https://notcve.org/view.php?id=CVE-2024-22899
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. Se descubrió que Vinchin Backup & Recovery v7.2 contiene una vulnerabilidad de ejecución remota de código (RCE) autenticada a través de la función syncNtpTime. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime function. • https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain http://vinchin.com https://blog.leakix.net/2024/01/vinchin-backup-rce-chain https://seclists.org/fulldisclosure/2024/Jan/29 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22900 – Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection
https://notcve.org/view.php?id=CVE-2024-22900
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. Se descubrió que Vinchin Backup & Recovery v7.2 contiene una vulnerabilidad de ejecución remota de código (RCE) autenticada a través de la función setNetworkCardInfo. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the setNetworkCardInfo function. • http://vinchin.com https://blog.leakix.net/2024/01/vinchin-backup-rce-chain https://seclists.org/fulldisclosure/2024/Jan/29 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •