Read Time:22 Second
Posted by Valentin Lobstein via Fulldisclosure on Jan 26
CVE ID: CVE-2024-22899
Title: Command Injection Vulnerability in Vinchin Backup and Recovery’s syncNtpTime Function in Versions 7.2 and Earlier
Description:
A critical security vulnerability, identified as CVE-2024-22899, has been discovered in the `syncNtpTime` function of
Vinchin Backup and Recovery software. This issue affects versions 7.2 and earlier. The function, part of the
`SystemHandler.class.php` file, is designed for…