Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Unitrends Enterprise Backup 安全漏洞
Vulnerability Description
Unitrends Enterprise Backup是美国Unitrends公司的一套企业级数据保护软件。该软件提供数据备份、数据恢复和重复数据删除等功能。 Unitrends Enterprise Backup 9.1.2之前的版本中存在安全漏洞。攻击者可通过向/api/restore/download-files终端发送特制的文件名利用该漏洞执行任意的操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A