Vinchin Backup and Recovery vulnerable to Authenticated Remote Code Execution
CVE-2024-25228
8.8HIGH
What is CVE-2024-25228?
Vinchin Backup and Recovery, specifically versions 7.2 and earlier, is vulnerable to an Authenticated Remote Code Execution flaw. This vulnerability resides in the getVerifydiyResult function within the ManoeuvreHandler.class.php file. If exploited, attackers with authenticated access can execute arbitrary commands on the server, potentially compromising sensitive data and functionality. Organizations using affected versions should prioritize applying patches or implementing mitigation strategies to safeguard their systems.
