There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system.
[
{
"product": "FusionCompute",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.3.0,6.3.1,6.5.0,8.0.0"
}
]
}
]