Full title: Citrix NITRO SDK - Command Injection Vulnerability 
Category: web applications
Platform: php
A command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise of the entire Citrix SDX appliance along with all underlying applications and data.

# 0day.today @ http://0day.today/