Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Unitrends Enterprise Backup 安全漏洞
Vulnerability Description
Unitrends Enterprise Backup是美国Unitrends公司的一套企业级数据保护软件。该软件提供数据备份、数据恢复和重复数据删除等功能。 Unitrends Enterprise Backup 9.1.1之前的版本中的api/includes/restore.php文件存在安全漏洞,该漏洞源于‘downloadFile’函数接收任意传递到/api/restore/download的文件名。攻击者可利用该漏洞读取文件系统中的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A