CVE-2024-10278 | ESAFENET CDG 5 ReUserOrganiseService.java userId sql injection

Inserito da Angelo Barbosa | Ott 23, 2024 | CVE

A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects an unknown part of the file /com/esafenet/servlet/user/ReUserOrganiseService.java. The manipulation of the argument userId leads to sql injection.

This vulnerability is uniquely identified as CVE-2024-10278. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10278 | ESAFENET CDG 5 ReUserOrganiseService.java userId sql injection

Post correlati

CVE-2024-6354 | Devolutions Remote Desktop Manager up to 2024.2.11 on Windows PAM Dashboard access control (DEVO-2024-0010)

CVE-2024-26265 | Liferay Portal/DXP Image Uploader Module resource consumption

CVE-2024-5571 | wpdevteam EmbedPress Plugin up to 4.0.1 on WordPress cross site scripting

CVE-2024-43438 | Moodle Feedback Non-Respondents Report resource injection