CVE-2015-2857
CRITICALAccellion File Transfer Appliance < 9_11_200 - Command Injection
Title source: ruleDescription
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotehardware
https://www.exploit-db.com/exploits/37597
metasploit
WORKING POC
EXCELLENT
by hdm · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/accellion_fta_getstatus_oauth.rb
References (4)
Scores
CVSS v3
9.8
EPSS
0.8670
EPSS Percentile
99.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
accellion/file_transfer_appliance
< 9_11_200
Published
Aug 22, 2017
Tracked Since
Feb 18, 2026