CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-7281

An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.074

EPSS Ranking 91.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/
https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/

Products affected by CVE-2017-7281

Unitrends » Enterprise Backup » Version: 7.3.0

cpe:2.3:a:unitrends:enterprise_backup:7.3.0
Unitrends » Enterprise Backup » Version: 8.2.0-8

cpe:2.3:a:unitrends:enterprise_backup:8.2.0-8
Unitrends » Enterprise Backup » Version: 9.1

cpe:2.3:a:unitrends:enterprise_backup:9.1
Unitrends » Enterprise Backup » Version: 9.1.1

cpe:2.3:a:unitrends:enterprise_backup:9.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7281

Products

Pricing

Contact Us