OS command injection in Filr admin (CVE-2016-1608)

  • 7017789
  • 29-Jun-2016
  • 22-Jul-2016

Environment

Novell Filr 2.0
Novell Filr 1.2

Situation

A vulnerability in the Novell Filr admin may allow a remote attacker authenticated as an admin to execute arbitrary OS commands on the Filr server as the root user. Note that when used in conjunction with CVE-2016-1607 (TID 7017786), a remote attacker may be able to perform this attack without authentication by targeting a Filr admin user.

Resolution

A fix for this issue is included in Filr 2.0 Security Update 2 and Filr 1.2 Security Update 3, available via the Novell Patch Finder.

CVE-2016-1608.
Special thanks to Wolfgang Ettlinger working with SEC Consult Vulnerability Lab for reporting this vulnerability to Micro Focus.