Vulnerability Details CVE-2017-7282
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.075
EPSS Ranking 91.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 7.1
References
- https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-2/
- https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcWGAA0/000005558?r=1
- https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-2/
- https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcWGAA0/000005558?r=1
Products affected by CVE-2017-7282
-
cpe:2.3:a:unitrends:enterprise_backup:7.3.0
-
cpe:2.3:a:unitrends:enterprise_backup:8.2.0-8
-
cpe:2.3:a:unitrends:enterprise_backup:9.1