Authentication Bypass via SQL Injection in Unitrends Backup before 10.4.1

Authentication Bypass via SQL Injection in Unitrends Backup before 10.4.1

CVE-2020-8427 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.