CVE-2024-10594 | ESAFENET CDG 5 FileDirectoryService.java docHistory fileId sql injection

Posted by Angelo Barbosa | Oct 31, 2024 | CVE

A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection.

This vulnerability is traded as CVE-2024-10594. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10594 | ESAFENET CDG 5 FileDirectoryService.java docHistory fileId sql injection

Related Posts

CVE-2024-4790 | DedeCMS 5.7.114 sys_verifies.php filename path traversal

CVE-2024-32721 | Jegtheme Jeg Elementor Kit Plugin up to 2.6.3 on WordPress cross site scripting

CVE-2024-38214 | Microsoft Windows Server 2008 R2 SP1 up to Server 2022 Routing/Remote Access Service out-of-bounds

CVE-2024-23665 | Fortinet FortiWeb up to 6.3.23/6.4.3/7.0.10/7.2.7/7.4.2 Requests improper authorization (FG-IR-23-474)