Vinchin Backup and Recovery 7.2 and previous versions is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php.
CVE ID: CVE-2024-25228
Title: Authenticated Command Injection Vulnerability in ManoeuvreHandlerclassphp of Vinchin Backup & Recovery
Versions 72 and Earlier
Description:
A critical security vulnerability has been discovered in the `getVerifydiyResult` function within the
`ManoeuvreHandlerclassphp` file of Vinchin Backup & Recovery ...