Thomson Reuters Velocity Analytics - Remote Code Injection

EDB-ID:

38850


Platform:

Hardware

Published:

2013-11-22

source: http://www.securityfocus.com/bid/63880/info

Thomson Reuters Velocity Analytics is prone to a vulnerability that lets attackers inject and execute arbitrary code.

Successfully exploiting this issue may allow an attacker to upload and execute arbitrary code with SYSTEM privileges.

Thomson Reuters Velocity Analytics 6.94 build 2995 is vulnerable; other versions may also be affected. 

http://www.example.com/VhttpdMgr?action=importFile&fileName={BACKDOOR}