CVE-2024-10072 | ESAFENET CDG 5 EncryptPolicyService.java actionAddEncryptPolicyGroup checklist sql injection

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection.

The identification of this vulnerability is CVE-2024-10072. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10072 | ESAFENET CDG 5 EncryptPolicyService.java actionAddEncryptPolicyGroup checklist sql injection

Post correlati

CVE-2024-45323 | Fortinet FortiEDR Manager up to 6.0.1/6.2.1 REST API access control (FG-IR-24-371)

CVE-2023-51810 | StackIdeas EasyDiscuss up to 5.0.9 Users Module search sql injection

CVE-2024-6007 | Netentsec NS-ASG Application Security Gateway 6.3 deleteiscgwrouteconf.php messagecontent sql injection

CVE-2024-25354 | domain-suffix 1.0.8 parse redos