CVE-2017-17416

Name of the Vulnerable Software and Affected Versions: Quest NetVault Backup versions 11.3.0.12

Description: The issue is related to insufficient protection of the SQL query structure in the NVBUPhaseStatus GetPlugins method. This allows a remote attacker to execute arbitrary code on vulnerable installations. The problem arises from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database.

Recommendations: For Quest NetVault Backup version 11.3.0.12, consider disabling the NVBUPhaseStatus GetPlugins method until a patch is available to prevent remote code execution. Restrict access to the underlying database to minimize the risk of exploitation. Avoid using user-supplied strings in SQL queries until the issue is resolved.