CVE-2014-3008

Unitrends Enterprise Backup - OS Command Injection

Title source: rule

Description

Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.

Exploits (1)

exploitdb WORKING POC

by Brandon Perry · rubyremoteunix

https://www.exploit-db.com/exploits/32885

View Code ZIP pw:eip

References (6)

[Mailing List] http://seclists.org/fulldisclosure/2014/Apr/204

[Vendor Advisory] http://secunia.com/advisories/58001

[Exploit] http://www.exploit-db.com/exploits/32885

[Exploit] http://www.securityfocus.com/bid/66928

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/92642

[Various Sources] https://gist.github.com/brandonprry/10745756

Scores

EPSS 0.2190

EPSS Percentile 95.8%

Details

CWE

CWE-78

Status published

Products (1)

unitrends/enterprise_backup 7.3.0

Published Apr 28, 2014

Tracked Since Feb 18, 2026