CVE-2024-10660 | ESAFENET CDG 5 HookService.java deleteHook hookId sql injection

Posted by Angelo Barbosa | Nov 1, 2024 | CVE

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function deleteHook of the file /com/esafenet/servlet/policy/HookService.java. The manipulation of the argument hookId leads to sql injection.

This vulnerability is uniquely identified as CVE-2024-10660. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2024-10660 | ESAFENET CDG 5 HookService.java deleteHook hookId sql injection

Related Posts

CVE-2024-21100 | Oracle Commerce Platform 11.3.0/11.3.1/11.3.2 Remote Code Execution

CVE-2023-28827 | Siemens SIMATIC CP 1242-7 V2 null pointer dereference (ssa-423808)

CVE-2024-42346 | galaxyproject Galaxy up to 24.1.0 /visualizations cross site scripting (GHSA-x6w7-3gwf-qr9r)

CVE-2023-45185 | IBM i Access Client Solutions up to 1.1.4/1.1.9.3 deserialization (XFDB-268273)