CVE-2009-4644
Accellion Secure File Transfer Appliance <8.0.105 - Command Injection
Title source: llmDescription
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
References (3)
Core 3
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38176
Exploit x_refsource_misc
http://www.portcullis-security.com/338.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56248
Scores
EPSS
0.0241
EPSS Percentile
82.1%
Details
CWE
CWE-78
Status
published
Products (5)
accellion/secure_file_transfer_appliance
7_0_135
accellion/secure_file_transfer_appliance
7_0_178
accellion/secure_file_transfer_appliance
7_0_189
accellion/secure_file_transfer_appliance
7_0_259
accellion/secure_file_transfer_appliance
7_0_296
Published
Feb 19, 2010
Tracked Since
Feb 18, 2026