Unitrends Enterprise Backup Local File Inclusion
[CVE-2017-7282]
Vulnerability Details
Disclosure
Disclosure Date
04/19/2017
Vulnerability Description
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI).
Related Disclosures
Unitrends Enterprise Backup Privilege Escalation in Token Cookie
[CVE-2017-7279]
Unitrends Enterprise Backup Privilege Escalation in users.php File
[CVE-2017-7284]
Unitrends Enterprise Backup Remote Code Execution in systems.php File
[CVE-2017-7280]
Unitrends Enterprise Backup Remote Code Execution in reports.php File
[CVE-2017-7281]
Unitrends Enterprise Backup Remote Code Execution in restore.php File
[CVE-2017-7283]
CVSS Metrics
CVSS Rating (version 3.0)
5.5 (Medium)
Impact Score
Exploitability Score
3.6
1.8
Attack Vector
Local File Inclusion
Attack Complexity (AC)Low Privileges Required (PR)None User Interaction (UI)Required Scope (S)Unchanged
Confidentiality (C)High Integrity (I)None Availability (A)None