Sameer Mohite

**Name of the Vulnerable Software and Affected Versions** Freewill iFIS (aka SMART Trade) version 20.01.01.04 **Description** The issue allows OS Command Injection via shell metacharacters to a report page. **Recommendations** For Freewill iFIS (aka SMART Trade) version 20.01.01.04, consider restricting access to the report page to minimize the risk of exploitation until a patch is available. Avoid using shell metacharacters in the report page. At the moment, there is no information about a newer version that contains a fix for this vulnerability.