Severity: Critical

Description: The SFTP access method of a FILENAME statement can bypass the NOXCMD or LOCKDOWN options, which might allow a remote code execution.

Potential Impact: Arbitrary OS commands might be executed remotely.