header-logo
Suggest Exploit
vendor:
Velocity Analytics
by:
SecurityFocus
9,3
CVSS
HIGH
Code Injection
78
CWE
Product Name: Velocity Analytics
Affected Version From: 6.94 build 2995
Affected Version To: 6.94 build 2995
Patch Exists: YES
Related CWE: N/A
CPE: a:thomson_reuters:velocity_analytics
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2014

Thomson Reuters Velocity Analytics Code Injection Vulnerability

Thomson Reuters Velocity Analytics is prone to a vulnerability that lets attackers inject and execute arbitrary code. Successfully exploiting this issue may allow an attacker to upload and execute arbitrary code with SYSTEM privileges.

Mitigation:

Users should apply the latest available updates to address the issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/63880/info

Thomson Reuters Velocity Analytics is prone to a vulnerability that lets attackers inject and execute arbitrary code.

Successfully exploiting this issue may allow an attacker to upload and execute arbitrary code with SYSTEM privileges.

Thomson Reuters Velocity Analytics 6.94 build 2995 is vulnerable; other versions may also be affected. 

http://www.example.com/VhttpdMgr?action=importFile&fileName={BACKDOOR}

Navigation

Suggest Exploit

Services By CQR