CyberSec.Space Logo
Back to CVE Browser

CVE-2018-6329

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0130%
EPSS Percentile23.68th
PublishedMar 14, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.

Affected Platforms (CPE)

πŸ“¦
Unitrends

Backup

< 10.1.10

References & Advisories

πŸ”— https://support.unitrends.com/UnitrendsBackup/s/article/000001150
πŸ”— https://support.unitrends.com/UnitrendsBackup/s/article/000006003
πŸ”— https://www.exploit-db.com/exploits/44297/
πŸ”— https://www.exploit-db.com/exploits/45913/
πŸ”— https://support.unitrends.com/UnitrendsBackup/s/article/000001150
πŸ”— https://support.unitrends.com/UnitrendsBackup/s/article/000006003
πŸ”— https://www.exploit-db.com/exploits/44297/
πŸ”— https://www.exploit-db.com/exploits/45913/

Related Vulnerabilities

CVE-1999-060310.0

In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, P...

CVE-2020-2949310.0

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthentic...

CVE-2021-2879910.0

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, th...

CVE-2001-037210.0

Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a ...