CVE-2024-10279 | ESAFENET CDG 5 PrintPolicyService.java policyId sql injection

Inserito da Angelo Barbosa | Ott 23, 2024 | CVE

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects unknown code of the file /com/esafenet/servlet/policy/PrintPolicyService.java. The manipulation of the argument policyId leads to sql injection.

This vulnerability was named CVE-2024-10279. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10279 | ESAFENET CDG 5 PrintPolicyService.java policyId sql injection

Post correlati

CVE-2024-8252 | Clean Login Plugin up to 1.14.5 on WordPress file inclusion

CVE-2024-34408 | Tencent libpag up to 4.3.51 PAG File DecodeStream.cpp checkEndOfFile integer overflow

CVE-2024-21586 | Juniper Junos OS Packet Forwarding Engine unusual condition (JSA83195)

CVE-2024-7467 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 3.90 Web Interface /vpn/list_ip_network.php sslvpn_config_mod template/stylenum os command injection