Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:10
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.portcullis-security.com/338.php - Exploit | |
References | () http://www.securityfocus.com/bid/38176 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/56248 - |
Information
Published : 2010-02-19 17:30
Updated : 2024-11-21 01:10
NVD link : CVE-2009-4644
Mitre link : CVE-2009-4644
CVE.ORG link : CVE-2009-4644
JSON object : View
Products Affected
accellion
- secure_file_transfer_appliance
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')