Full title: Barracuda CloudGen WAN OS Command Injection Vulnerability 
Category: web applications
Platform: php
Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS commands via the /ajax/update_certificate endpoint. Versions prior to v8.* hotfix 1089 are affected.

# 0day.today @ http://0day.today/