Skip to main content

Vinchin Backup And Recovery

9 CVEs product

Monthly

CVE-2024-25228 HIGH POC THREAT This Week

Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Vinchin Backup And Recovery
NVD
CVSS 3.1
8.8
EPSS
25.9%
CVE-2024-22903 HIGH POC This Week

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Vinchin Backup And Recovery
NVD VulDB
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-22902 CRITICAL POC Act Now

Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vinchin Backup And Recovery
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-22901 CRITICAL POC Act Now

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vinchin Backup And Recovery
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-22900 HIGH POC This Week

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Vinchin Backup And Recovery
NVD VulDB
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-22899 HIGH POC This Week

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Vinchin Backup And Recovery
NVD VulDB
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-45499 CRITICAL POC Emergency

VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vinchin Backup And Recovery
NVD
CVSS 3.1
9.8
EPSS
7.9%
CVE-2023-45498 CRITICAL POC THREAT Emergency

VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vinchin Backup And Recovery
NVD
CVSS 3.1
9.8
EPSS
20.5%
CVE-2022-35866 CRITICAL Act Now

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vinchin Backup And Recovery
NVD
CVSS 3.1
9.8
EPSS
3.2%
EPSS 26% CVSS 8.8
HIGH POC THREAT This Week

Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Vinchin Backup And Recovery
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vinchin Backup And Recovery
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vinchin Backup And Recovery
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Vinchin Backup And Recovery
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Vinchin Backup And Recovery
NVD VulDB
EPSS 8% CVSS 9.8
CRITICAL POC Emergency

VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vinchin Backup And Recovery
NVD
EPSS 20% CVSS 9.8
CRITICAL POC THREAT Emergency

VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vinchin Backup And Recovery
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vinchin Backup And Recovery
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy