cve/2024/CVE-2024-22899.md

CVE-2024-22899

Description

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.

POC

Reference

• https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/
• https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/

Github

• https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain
• https://github.com/Chocapikk/My-CVEs
• https://github.com/nomi-sec/PoC-in-GitHub