19 Avr 2017
CVE-2017-7282 - CVE Vulnerability
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI). (CVSS:0.0) (Last Update:2017-04-19)
Vulnerability Details : An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI). Publish Date : 2017-04-19 Last Update Date : 2017-04-19 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2017-7282
- References For CVE-2017-7282
| |||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2017-7282There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |