Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-27730
• https://github.com/accellion/CVEs/blob/main/CVE-2021-27730.txt