CVE-2009-4645

Accellion Secure File Transfer Appliance <8.0.105 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4645. PoCs published by Tim Brown.

AI-analyzed exploit summary: This is a vulnerability writeup describing multiple issues in Accellion File Transfer Appliance, including directory traversal and command injection. It provides an example URL for path traversal but lacks executable exploit code.

Description

Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Tim Brown · text · remote · linux
https://www.exploit-db.com/exploits/33622

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: Accellion File Transfer Appliance
No auth needed
Prerequisites: Network access to the target appliance
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56246
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38176
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38538

Scores

EPSS 0.0276
EPSS Percentile 84.3%

Details

CWE: CWE-22
Status: published
Products (5)
accellion/secure_file_transfer_appliance 7_0_135
accellion/secure_file_transfer_appliance 7_0_178
accellion/secure_file_transfer_appliance 7_0_189
accellion/secure_file_transfer_appliance 7_0_259
accellion/secure_file_transfer_appliance 7_0_296
Published Feb 19, 2010
Tracked Since Feb 18, 2026