CVE-2018-6328
N/A
N/A
Summary
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.exploit-db.com/exploits/45559/
- https://support.unitrends.com/UnitrendsBackup/s/article/000006002
- https://www.exploit-db.com/exploits/44297/
- https://support.unitrends.com/UnitrendsBackup/s/article/000001150
References
- https://www.exploit-db.com/exploits/45559/
- https://support.unitrends.com/UnitrendsBackup/s/article/000006002
- https://www.exploit-db.com/exploits/44297/
- https://support.unitrends.com/UnitrendsBackup/s/article/000001150
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.