Vulnerability Details CVE-2017-7280
An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.086
EPSS Ranking 92.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2017-7280
-
cpe:2.3:a:unitrends:enterprise_backup:7.3.0
-
cpe:2.3:a:unitrends:enterprise_backup:8.2.0-8