ГлавнаяУязвимости → CVE-2024-25228
8.8высокая

CVE-2024-25228

→ есть в БДУ: BDU:2024-02565 (на русском)
Описание (на английском; русское — в БДУ выше)

Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php.

Затрагиваемое ПО
Vinchin Vinchin backup and recovery
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/https://seclists.org/fulldisclosure/2024/Mar/15http://seclists.org/fulldisclosure/2024/Mar/15https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/https://seclists.org/fulldisclosure/2024/Mar/15