cve/CVE-2022-35866.md at f1f1f9a798d36fa0748d135c6fe5299cdbcc69fb

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-01 11:10:36 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.

POC

Reference

http://packetstormsecurity.com/files/176794/Vinchin-Backup-And-Recovery-7.2-Default-MySQL-Credentials.html

Github

No PoCs found on GitHub currently.

1.0 KiB Raw Blame History

CVE-2022-35866

Description

POC

Reference

Github

1.0 KiB

Raw Blame History