CVE-2017-7280

Name of the Vulnerable Software and Affected Versions Unitrends Enterprise Backup versions prior to 9.0.0

Description An issue was discovered in the api/includes/systems.php file, where user input is not properly filtered before being sent to a popen function, allowing for remote code execution by sending a specially crafted user variable.

Recommendations For versions prior to 9.0.0, update to version 9.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the api/includes/systems.php file to minimize the risk of exploitation. Avoid using the user variable in the affected API endpoint until the issue is resolved.