← back
CVE-2018-6328

CVE-2018-6328

EPSS 65.5%
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.
Affected products
n/a · n/a
public PoCs found4
cve_referencewww.exploit-db.com/exploits/44297/unverifiedcve_referencewww.exploit-db.com/exploits/45559/unverifiedexploitdbwww.exploit-db.com/exploits/45559unverifiedexploitdbwww.exploit-db.com/exploits/44297unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.unitrends.com/UnitrendsBackup/s/article/000001150https://support.unitrends.com/UnitrendsBackup/s/article/000006002https://www.exploit-db.com/exploits/44297/https://www.exploit-db.com/exploits/45559/