CVE-2023-45498

CRITICAL

Vinchin Backup & Recovery 5.0-7.0 - OS Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-45498. PoCs published by Gregory Boddin (LeakIX), Valentin Lobstein, including Metasploit module exploits/linux/http/vinchin_backup_recovery_cmd_inject.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in Vinchin Backup & Recovery via the checkIpExists API endpoint. It sends a crafted POST request with a malicious payload embedded in the 'ip' parameter, achieving remote code execution as the web server user.

Description

VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.

Exploits (1)

metasploit WORKING POC EXCELLENT
by Gregory Boddin (LeakIX), Valentin Lobstein · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb

This Metasploit module exploits a command injection vulnerability in Vinchin Backup & Recovery via the checkIpExists API endpoint. It sends a crafted POST request with a malicious payload embedded in the 'ip' parameter, achieving remote code execution as the web server user.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Vinchin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, v7.0.*
No auth needed
Prerequisites: Network access to the target · SSL enabled on port 443
devstral-2 · analyzed Apr 23, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 9.8
EPSS 0.7946
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-77
Status published
Products (1)
vinchin/vinchin_backup_and_recovery 5.0 - 7.0
Published Oct 27, 2023
Tracked Since Feb 18, 2026