Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string.
References
Link | Resource |
---|---|
http://www.portcullis-security.com/339.php | Exploit |
http://secunia.com/advisories/38538 | Vendor Advisory |
Configurations
Information
Published : 2010-02-19 09:30
Updated : 2010-02-21 21:00
NVD link : CVE-2009-4646
Mitre link : CVE-2009-4646
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
accellion
- secure_file_transfer_appliance