CVE-2013-5912

EXPLOITED

Thomsonreuters Velocity Analytics Vha... - Code Injection

Title source: rule

Description

VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Eduardo Gonzalez · textremotehardware

https://www.exploit-db.com/exploits/38850

View Code ZIP pw:eip

References (1)

[US Government Resource] http://www.kb.cert.org/vuls/id/893462

Scores

EPSS 0.3462

EPSS Percentile 97.0%

Details

VulnCheck KEV 2019-12-13

CWE

CWE-94

Status published

Products (1)

thomsonreuters/velocity_analytics_vhayu_analytic_server 6.94

Published Nov 28, 2013

Tracked Since Feb 18, 2026