Sawmill - Code Execution

.:: DESCRIPTION ::.
Sawmill is a powerful, hierachical log analysis tool that runs on every major platform. Sawmill is used by a wide variety of clients worldwide, including corporations, educational institutions, government and military organizations, small businesses, libraries, hospitals, non-profit organizations, and individuals.

.:: SUMMARY ::.
Affected Version: 7.0.X, < 7.1.6
Tested Platform: Linux

A security vulnerability has been found in Sawmill version 7.0.X and < 7.1.6 which allows execution of arbitrary code under the privilege of the web server.

.:: DETAILS ::.
Not available to the public or to the users with basic VIA Agent's subscription.

.:: IMPACT ::.
An unprivileged Sawmill user or attacker can exploit this vulnerability to execute arbitrary code and gain further access to the server that hosts Sawmill Log Analyzer.

.:: AUTHOR ::.
Phuong Nguyen