CVE-2025-1840 | ESAFENET CDG 5.6.3.154.205 updateorg.jsp flowId sql injection

Inserito da Angelo Barbosa | Mar 2, 2025 | CVE

A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql injection.

This vulnerability is handled as CVE-2025-1840. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2025-1840 | ESAFENET CDG 5.6.3.154.205 updateorg.jsp flowId sql injection

Post correlati

CVE-2024-29815 | Aminur Islam WP Change Email Sender Plugin up to 1.2.x on WordPress cross site scripting

CVE-2022-48640 | Linux Kernel up to 5.15.70/5.19.11/6.0 Virtual Address bond_rr_gen_slave_id null pointer dereference (ec3a6f4ffe55/2c8e8ab53acf/0e400d602f46)

CVE-2024-1912 | Categorify Plugin up to 1.0.7.4 on WordPress categorifyAjaxUpdateFolderPosition cross-site request forgery

CVE-2023-6910 | M-Files Server prior 23.12.13195.0 API resource consumption