CVE-2017-8789

Name of the Vulnerable Software and Affected Versions Accellion FTA versions prior to FTA 9 12 180

Description A SQL injection issue exists due to a report error.php API endpoint that is vulnerable to injection attacks. The year parameter is specifically mentioned as a vector for this injection. This could potentially allow an attacker to execute unauthorized SQL commands.

Recommendations For versions prior to FTA 9 12 180, update to FTA 9 12 180 or later to resolve the issue. As a temporary workaround, consider restricting access to the report error.php API endpoint to minimize the risk of exploitation. Avoid using the year parameter in the report error.php endpoint until the issue is resolved.