Description
In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.
Vulnerable configurations
Configuration 1: versions before 10.4.1 (exclusive)
cpe:2.3:a:unitrends:backup:*:*:*:*:*:*:*:*
EPSS: 0.00351 (Low), percentile: 57%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-89
Related vulnerabilities
github
more than 3 years ago
Kaseya Traverse before 9.5.20 allows OS command injection attacks against user accounts, associated with a Netflow Top Applications reporting API call. This is exploitable by an authenticated attacker who submits a modified JSON field within POST data.