Rhino Security Labs

Unitrends Enterprise Backup Remote Code Execution in reports.php File
[CVE-2017-7281]

Vulnerability Details

CVSS Rating: 8.8 (high)

CVE-2017-7281

Disclosing Company: Rhino Security Labs

Date: 04/12/2017

Status: Published

Affected software/version:
Unitrends Enterprise Backup < 9.1.2

Disclosure

Disclosure Date

04/12/2017

Vulnerability Description

An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.
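As an added illustration from the defender's side (not Unitrends code; the report root, the extension allow-list and the function names are assumptions), the following Python contrasts a report-save routine with the flaw described above against one that confines both the extension and the target directory to server-chosen values:

```python
import re
import secrets
from pathlib import PurePosixPath

# Constructed illustration of the bug class in the advisory above. Not Unitrends
# code: the names, allow-list and directory layout are assumptions.

REPORT_ROOT = PurePosixPath("/var/lib/example/reports")  # assumed fixed storage root
ALLOWED_EXT = {"csv", "pdf", "txt"}                      # assumed report formats
SAFE_SEGMENT = re.compile(r"^[A-Za-z0-9_-]{1,64}$")       # one path segment: no '/', no '..'


def unsafe_report_path(user_dir: str, user_ext: str) -> PurePosixPath:
    """Mirrors the described flaw: the base name is random, but the requester
    picks the directory and the extension unchecked, so the file can land in
    a web-served directory with an extension the server will execute."""
    name = f"{secrets.token_hex(8)}.{user_ext}"
    return PurePosixPath(user_dir) / name


def safe_report_path(category: str, ext: str) -> PurePosixPath:
    """Hardened form: only one allow-listed directory segment and one
    allow-listed extension are taken from the request; the base name is
    always server-generated and the root directory is fixed."""
    if not SAFE_SEGMENT.fullmatch(category):
        raise ValueError(f"bad report category {category!r}")
    ext = ext.lower()  # compare case-insensitively so 'PDF' and 'pdf' behave alike
    if ext not in ALLOWED_EXT:
        raise ValueError(f"extension {ext!r} not allowed")
    return REPORT_ROOT / category / f"{secrets.token_hex(8)}.{ext}"


def is_confined(path: PurePosixPath) -> bool:
    """Defender-side check: the final path must be absolute, start with
    REPORT_ROOT and contain no '..' component (PurePosixPath does not
    collapse '..', so it is still visible here)."""
    root_len = len(REPORT_ROOT.parts)
    return (path.is_absolute()
            and path.parts[:root_len] == REPORT_ROOT.parts
            and ".." not in path.parts)
```

The same two checks (extension allow-list, fixed root with no traversal components) are what a reviewer would look for when auditing any "save report" handler that builds a filename from request fields.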

CVSS Metrics

CVSS Rating (version 3.0)

8.8 (High)

Impact Score: 5.9

Exploitability Score: 2.8

Attack Vector

Network

Attack Complexity (AC): Low

Privileges Required (PR): Low

User Interaction (UI): None

Scope (S): Unchanged

Confidentiality (C): High

Integrity (I): High

Availability (A): High