First published: Thu Oct 31 2024(Updated: )
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
ESAFENET CDG | =5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-10594 is classified as a critical vulnerability.
To mitigate CVE-2024-10594, ensure that input validation and proper parameterized queries are implemented in the affected function.
CVE-2024-10594 is a SQL injection vulnerability that allows attackers to manipulate the 'fileId' argument.
The vulnerability CVE-2024-10594 affects ESAFENET CDG version 5.
CVE-2024-10594 may allow attackers to execute arbitrary SQL commands, potentially compromising the database.