Unitrends: >> Enterprise Backup >> 9.1.1 Security Vulnerabilities
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php.
CVSS Score
8.8
EPSS Score
0.166
Published
2017-04-20
An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.
CVSS Score
8.8
EPSS Score
0.074
Published
2017-04-12
An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.
CVSS Score
8.8
EPSS Score
0.038
Published
2017-04-12