Описание
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account.
Ссылки
- Vendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 10.0 (включая) до 10.5.5 (исключая)
cpe:2.3:a:kaseya:unitrends_backup:*:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.04026
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
около 4 лет назад
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account.
EPSS
Процентиль: 88%
0.04026
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89