An issue exists in Unitrends Enterprise Backup prior to 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated malicious user to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI).
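One way to confine a download handler of the kind described above to a fixed directory, so that a client-supplied filename cannot resolve elsewhere on the filesystem. This is an added example, not Unitrends code or the vendor's fix; `RESTORE_ROOT`, `resolveDownloadPath` and `downloadFileChecked` are hypothetical names, and the root path is an assumed location.

```php
<?php
// Added example with hypothetical names; not Unitrends code.
// RESTORE_ROOT is an assumed directory holding files prepared for download.
const RESTORE_ROOT = '/var/restore/downloads';

/**
 * Resolve a client-supplied filename to a path inside $root, or return null.
 * realpath() collapses "../" sequences and follows symlinks, so the
 * containment check runs on the path the OS would actually open.
 */
function resolveDownloadPath(string $requested, string $root = RESTORE_ROOT): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null; // misconfigured root: fail closed
    }
    // Treat the input as relative to the root, even if it starts with "/".
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . ltrim($requested, '/\\'));
    if ($candidate === false || !is_file($candidate)) {
        return null; // nonexistent path or not a regular file
    }
    // Compare with a trailing separator so "/var/restore/downloads_old"
    // does not pass as a child of "/var/restore/downloads".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the root (traversal or symlink)
    }
    return $candidate;
}

/** Stream the file only when the resolved path is inside the root. */
function downloadFileChecked(string $requested): void
{
    $path = resolveDownloadPath($requested);
    if ($path === null) {
        http_response_code(403);
        error_log('download rejected: ' . json_encode($requested)); // audit trail
        return;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

The rejected-request log line gives responders something to search for when reviewing access to the download endpoint.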
Vulnerable Product |
---|
unitrends enterprise backup |