Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Unitrends Enterprise Backup 安全漏洞
Vulnerability Description
Unitrends Enterprise Backup是美国Unitrends公司的一套企业级数据保护软件。该软件提供数据备份、数据恢复和重复数据删除等功能。 Unitrends Enterprise Backup 9.1.2之前的版本中存在任意文件上传漏洞,该漏洞源于程序没有充分的过滤位于recoveryconsole/bpl/reports.php文件中的‘createReportName’和‘saveReport’函数的用户输入。远程攻击者可利用该漏洞在磁盘上创建随机命名的文件,执行代码。
CVSS Information
N/A
Vulnerability Type
N/A