[Full Disclosure] CVE-2024-25228: Unpatched Command Injection in Vinchin Backup & Recovery Versions 7.2 and Earlier

Read Time:21 Second

Posted by Valentin Lobstein via Fulldisclosure on Mar 13

CVE ID: CVE-2024-25228

Title: Authenticated Command Injection Vulnerability in ManoeuvreHandler.class.php of Vinchin Backup & Recovery
Versions 7.2 and Earlier

Description:
A critical security vulnerability has been discovered in the `getVerifydiyResult` function within the
`ManoeuvreHandler.class.php` file of Vinchin Backup & Recovery software, affecting versions 7.2 and earlier. This
function, intended for validating IP addresses…

Cyber Security News

[Full Disclosure] CVE-2024-25228: Unpatched Command Injection in Vinchin Backup & Recovery Versions 7.2 and Earlier

News, Advisories and much more