diff --git a/bl-plugins/backup/plugin.php b/bl-plugins/backup/plugin.php
index c7e8d0c2..ce733d80 100644
--- a/bl-plugins/backup/plugin.php
+++ b/bl-plugins/backup/plugin.php
@@ -290,6 +290,14 @@ class pluginBackup extends Plugin {
 {
 global $L;
 
+ // Prevent arbitrary deletion. Check if directory/zip backup exists
+ if (! in_array(
+ $this->zip ? "$filename.zip" : $filename,
+ array_map('basename', glob($this->workspace().'*')))
+ ) {
+ return $this->response(400, sprintf($L->get("Invalid Backup '%s'"), $filename));
+ }
+
 if ($this->zip) {
 // Zip format
 $tmp = $this->workspace().$filename.'.zip';
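Review bot: The new allow-list check feeds the result of `glob()` straight into `array_map`, and `glob()` returns `false` (not an empty array) on error on some platforms, which on PHP 8 raises a TypeError instead of the intended 400; the `in_array` call is also a loose comparison. Suggest `array_map('basename', glob($this->workspace().'*') ?: [])` and `in_array($this->zip ? "$filename.zip" : $filename, $names, true)`, so a failed listing still rejects the request and only an exact name matches. The check is a sound defense against traversal because a `$filename` containing a path separator can never equal a basename, but that is the property the comment should state, e.g. `// Allow-list: only a basename that currently exists in the workspace may be deleted; any path component in $filename fails the match`. The enclosing method's signature is above the hunk and its body continues past it.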