
CVE ID: CVE-2017-7281
Description: An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2017-7281
https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/




© 1998-2025 E-Soft Inc. All rights reserved.