Thomson Reuters Velocity Analytics - Remote Code Injection

Author: Eduardo Gonzalez
type: remote
platform: hardware
port: 
date_added: 2013-11-22  
date_updated: 2015-12-02  
verified: 1  
codes: CVE-2013-5912;OSVDB-100273  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 38850.txt  

source: https://www.securityfocus.com/bid/63880/info

Thomson Reuters Velocity Analytics is prone to a vulnerability that lets attackers inject and execute arbitrary code.

Successfully exploiting this issue may allow an attacker to upload and execute arbitrary code with SYSTEM privileges.

Thomson Reuters Velocity Analytics 6.94 build 2995 is vulnerable; other versions may also be affected.

http://www.example.com/VhttpdMgr?action=importFile&fileName={BACKDOOR}