Xangati's software release contains relative path traversal (CWE-23) and command injection (CWE-78) vulnerabilities.
CWE-23: Relative Path Traversal - CVE-2014-0358
A remote unauthenticated attacker may be able to read system files. A remote authenticated attacker may be able to run arbitrary system commands.
Apply an Update
Thanks to Jan Kadijk for reporting this vulnerability.
This document was written by Jared Allar.