CVE-2017-7284
The CVE-2017-7284 entry describes a vulnerability in Unitrends Enterprise Backup (pre-9.1.2) where an attacker who has hijacked a web session can use api/includes/users.php to change the password of the currently logged-in account without knowing the existing password, enabling account takeover. ...