An issue exists on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd# URL pattern.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
accellion file transfer appliance |