Thomson Reuters Velocity Analytics - Remote Code Injection
| EKU-ID: 43221 | CVE: CVE-2013-5912;OSVDB-100273 | OSVDB-ID: |
| Author: Eduardo Gonzalez | Published: 2013-11-22 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 43221 | CVE: CVE-2013-5912;OSVDB-100273 | OSVDB-ID: |
| Author: Eduardo Gonzalez | Published: 2013-11-22 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/63880/info
Thomson Reuters Velocity Analytics is prone to a vulnerability that lets attackers inject and execute arbitrary code.
Successfully exploiting this issue may allow an attacker to upload and execute arbitrary code with SYSTEM privileges.
Thomson Reuters Velocity Analytics 6.94 build 2995 is vulnerable; other versions may also be affected.
http://www.example.com/VhttpdMgr?action=importFile&fileName={BACKDOOR}