CVE-2017-7283

An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:unitrends:enterprise_backup:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-04-20 02:59

Updated : 2024-02-04 19:11


NVD link : CVE-2017-7283

Mitre link : CVE-2017-7283

CVE.ORG link : CVE-2017-7283


JSON object : View

Products Affected

unitrends

  • enterprise_backup
CWE
CWE-20

Improper Input Validation