
CVE-2024-25228 – Vinchin Backup and Recovery 7.2 Command Injection
https://notcve.org/view.php?id=CVE-2024-25228
14 Mar 2024 — Vinchin Backup and Recovery 7.2 and earlier is vulnerable to authenticated remote code execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php. Vinchin Backup and Recovery versions 7.2 and below suffer from an authenticated command injection vulnerability. • https://packetstorm.news/files/id/177605 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-22899 – Vinchin Backup and Recovery 7.2 syncNtpTime Command Injection
https://notcve.org/view.php?id=CVE-2024-22899
26 Jan 2024 — Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime function. • https://packetstorm.news/files/id/176793 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-22900 – Vinchin Backup and Recovery 7.2 setNetworkCardInfo Command Injection
https://notcve.org/view.php?id=CVE-2024-22900
26 Jan 2024 — Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the setNetworkCardInfo function. • https://packetstorm.news/files/id/176788 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-22901 – Vinchin Backup and Recovery 7.2 Default MySQL Credentials
https://notcve.org/view.php?id=CVE-2024-22901
26 Jan 2024 — Vinchin Backup & Recovery v7.2 was discovered to use default MySQL credentials. A critical security issue has been discovered in Vinchin Backup and Recovery version 7.2. The software has been found to use default MySQL credentials, which could lead to significant security risks. • https://packetstorm.news/files/id/176794

CVE-2024-22902 – Vinchin Backup and Recovery 7.2 Default Root Credentials
https://notcve.org/view.php?id=CVE-2024-22902
26 Jan 2024 — Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. Vinchin Backup and Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability. • https://packetstorm.news/files/id/176795

CVE-2024-22903 – Vinchin Backup and Recovery 7.2 SystemHandler.class.php Command Injection
https://notcve.org/view.php?id=CVE-2024-22903
26 Jan 2024 — Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in SystemHandler.class.php. • https://packetstorm.news/files/id/176796 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2023-45498 – VinChin VMWare Backup 7.0 Hardcoded Credential / Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-45498
27 Oct 2023 — VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. VinChin Backup and Recovery in VinChin VMWare Backup versions 5.0 through 7.0 suffers from hardcoded credential and remote code execution vulnerabilities. • https://packetstorm.news/files/id/176289 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2023-45499 – VinChin VMWare Backup 7.0 Hardcoded Credential / Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-45499
27 Oct 2023 — VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials. VinChin Backup and Recovery in VinChin VMWare Backup versions 5.0 through 7.0 suffers from hardcoded credential and remote code execution vulnerabilities. • https://packetstorm.news/files/id/176289 • CWE-798: Use of Hard-coded Credentials

CVE-2022-35866 – Vinchin Backup and Recovery MySQL Server Use of Hard-coded Credentials Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-35866
08 Jul 2022 — This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. • https://packetstorm.news/files/id/176794 • CWE-798: Use of Hard-coded Credentials