漏洞描述
Vinchin Backup and Recovery存在命令注入漏洞,此漏洞是由于/api/接口对用户的请求验证不当导致的。
Vinchin Backup and Recovery CVE-2024-25228 命令注入漏洞
PoC代码
暂无相关漏洞推荐
- POC generic-php-files: Generic PHP Backup Information Disclosure
- backup-files: Compressed Backup File - Detect
- POC CVE-2014-9119: WordPress DB Backup <=4.5 - Local File Inclusion
- POC CVE-2020-24312: WordPress Plugin File Manager (wp-file-manager) Backup Disclosure
- POC CVE-2021-24155: WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload
- POC CVE-2022-2863: WordPress WPvivid Backup <0.9.76 - Local File Inclusion
- POC CVE-2022-31474: BackupBuddy - Local File Inclusion
- POC CVE-2022-4897: WordPress BackupBuddy <8.8.3 - Cross Site Scripting
- POC CVE-2023-6553: Worpress Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
- POC CVE-2024-12209: WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion
- POC CVE-2024-29868: Apache StreamPipes <= 0.93.0 - Use of Cryptographically Weak PRNG in Recovery Token Generation
- POC CVE-2024-48248: NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read
- POC CVE-2024-53991: Discourse Backup File Disclosure Via Default Nginx Configuration