Skip to main content

Phpmybackuppro

9 CVEs product

Monthly

CVE-2024-5415 HIGH This Week

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phpmybackuppro
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-5414 HIGH This Week

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/get_file.php, 'view' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phpmybackuppro
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-5413 MEDIUM This Month

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phpmybackuppro
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2015-3637 HIGH This Week

SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi Phpmybackuppro
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2015-4181 HIGH POC THREAT Act Now

Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

Path Traversal PHP Phpmybackuppro
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
11.3%
CVE-2015-4180 HIGH This Week

Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Phpmybackuppro
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-3640 HIGH This Week

phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection PHP Phpmybackuppro
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-3639 HIGH PATCH This Week

phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE PHP Phpmybackuppro
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2015-3638 HIGH PATCH This Week

phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Phpmybackuppro
NVD
CVSS 3.0
8.8
EPSS
1.6%
EPSS 0% CVSS 7.1
HIGH This Week

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phpmybackuppro
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/get_file.php, 'view' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phpmybackuppro
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phpmybackuppro
NVD
EPSS 1% CVSS 8.1
HIGH This Week

SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi Phpmybackuppro
NVD
EPSS 11% CVSS 7.5
HIGH POC THREAT Act Now

Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

Path Traversal PHP Phpmybackuppro
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Phpmybackuppro
NVD
EPSS 1% CVSS 7.5
HIGH This Week

phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE PHP Phpmybackuppro
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy