Logo
Open Register Sign in
  1. Unitrends
  2. Backup
  3. General

CVE-2017-7282: Unitrends LFI in restore.php filename

CVE ID

CVE-2017-7282

DESCRIPTION

An issue in api/includes/restore.php allowed a Local File Inclusion when specifying a filename manually. 
 

RESOLUTION

Unitrends Risk Assessment: None.
Resolved with latest security update as of 04/14/2017.
 

LINK TO ADVISORIES

  • https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us

Browse this section

  • File Catalog updates stalled or slow or Image and Host level backups larger when using Windows Defender engine 1.1.18100.5
  • How to upgrade the appliance via Unitrends' media (Air Gap / Offline updates)
  • Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.6
  • How can I find imaging media for an older release?
  • How can I find air gap update media for an older release?
  • Getting Started with Your Free Trial of Unitrends Backup
  • How can I find an older release of the Unitrends agent software?
  • 9002 - 9012 appliance disk replacement process
  • Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.5
  • Backup Agent Firewall Rules
See more
Company
  • About us
  • Blog
  • Legal Notices
  • Privacy

Products
  • Unitrends Helix
  • Unitrends Cloud Backup
  • Unitrends Backup Software V2
  • Unitrends DRaaS
  • Unitrends Forever Cloud Storage
  • Unitrends Security Manager
  • Unitrends Compliance Manager
  • Recovery Series Backup Applicances
Helpdesk
  • My Support Account
  • Open a Ticket
  • Register

© Copyright © 2020 Unitrends