Full title: Vinchin Backup And Recovery Command Injection Exploit 
Category: remote exploits
Platform: linux
This Metasploit module exploits a command injection vulnerability in Vinchin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.*. Due to insufficient input validation in the checkIpExists API endpoint, an attacker can execute arbitrary commands as the web server user.

# 0day.today @ http://0day.today/