Vulnerability Description
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unitrends | Enterprise Backup | <= 9.1 |
Related Weaknesses (CWE)
References
- https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapterExploitThird Party Advisory
- https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcWGAA0/00000Vendor Advisory
- https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapterExploitThird Party Advisory
- https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcWGAA0/00000Vendor Advisory
FAQ
What is CVE-2017-7282?
CVE-2017-7282 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This a...
How severe is CVE-2017-7282?
CVE-2017-7282 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7282?
Check the references section above for vendor advisories and patch information. Affected products include: Unitrends Enterprise Backup.