CVE-2024-25228

Published: 14/03/2024 Updated: 14/03/2024

Vinchin Backup and Recovery 7.2 and previous versions is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php.

Check Point Reference: CPAI-2024-0328 Date Published: 28 May 2024 Severity: High ...

Vinchin Backup and Recovery versions 72 and below suffer from an authentication command injection vulnerability ...

CVE ID: CVE-2024-25228 Title: Authenticated Command Injection Vulnerability in ManoeuvreHandlerclassphp of Vinchin Backup & Recovery Versions 72 and Earlier Description: A critical security vulnerability has been discovered in the `getVerifydiyResult` function within the `ManoeuvreHandlerclassphp` file of Vinchin Backup & Recovery ...

CVE-2024-25228 POC RCE Unpatched Command Injection in Vinchin Backup & Recovery Versions

CVE-2024-25228-POC CVE-2024-25228 POC RCE Unpatched Command Injection in Vinchin Backup & Recovery Versions

https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/https://seclists.org/fulldisclosure/2024/Mar/15 https://nvd.nist.gov https://github.com/rkraper339/CVE-2024-25228-POC https://seclists.org/fulldisclosure/2024/Mar/15 https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2024-0328.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-25228

Vulnerability Summary

Vendor Advisories

Exploits

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect