CVE-2017-7280

2017-04-12T22:59:00
ID CVE-2017-7280
Type cve
Reporter cve@mitre.org
Modified 2017-04-20T14:21:00

Description

An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable.