Nicola Giuffrida

**Name of the Vulnerable Software and Affected Versions** versions prior to 2.3 **Description** The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows an attacker to gain root-level command execution, compromising confidentiality, integrity, and availability. The vulnerability allows for the execution of arbitrary commands via the `/api/v1/restore` endpoint using a crafted backup file containing malicious tags. The vulnerable parameter is the `backup file`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.