An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.
CPE | Name | Operator | Version |
---|---|---|---|
file_transfer_appliance | eq | <= 91240 |