CVE-2017-11318

HIGH

Cobian Backup 11 - Remote Code Execution via Pre-Backup Event Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11318. PoCs published by X-C3LL.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2017-11318, targeting Cobian Backup 11. The exploit spoofs the master server and sends a crafted backup task to achieve remote command execution (RCE) by setting 'cmd.exe' as a pre-backup event.

Description

Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events.

Exploits (1)

github WORKING POC 11 stars

by X-C3LL · pythonpoc

https://github.com/X-C3LL/PoC-CVEs/tree/master/CVE-2017-11318

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2017-11318, targeting Cobian Backup 11. The exploit spoofs the master server and sends a crafted backup task to achieve remote command execution (RCE) by setting 'cmd.exe' as a pre-backup event.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Cobian Backup 11

No auth needed

Prerequisites: MitM (Man-in-the-Middle) position to spoof the master server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.tarlogic.com/advisories/Tarlogic-2017-002.txt

Scores

CVSS v3 8.1

EPSS 0.0125

EPSS Percentile 65.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

cobiansoft/cobian_backup 11

Published Jul 17, 2017

Tracked Since Feb 18, 2026