CVE-2024-10594 | ESAFENET CDG 5 FileDirectoryService.java docHistory fileId sql injection

Posted by Angelo Barbosa | Oct 31, 2024 | CVE

A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection.

This vulnerability is traded as CVE-2024-10594. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10594 | ESAFENET CDG 5 FileDirectoryService.java docHistory fileId sql injection

Related Posts

CVE-2024-2637 | B&R Industrial Automation VC4 Files uncontrolled search path

CVE-2024-49768 | Pylons Waitress up to 3.0.0 on Python HTTP Pipelining recv_bytes toctou

CVE-2023-37233 | Loftware Spectrum up to 4.6 HF13 xml external entity reference

CVE-2024-40902 | Linux Kernel up to 6.9.5 xattr buffer overflow