ESAFENET CDG V5 Catelogs;logindojojs?command=DelCatelogs delCatelogs ID SQL Injection

Hakika vulnerability da aka rarraba a matsayin kura an gano a ESAFENET CDG V5. Tabbas, aikin delCatelogs ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs, a cikin sashi $software_component. Wuro manipulation of the argument ID ga SQL Injection. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-89. Lalle, rauni an sanar da shi 10/06/2024. Ana samun bayanin tsaro don saukewa a flowus.cn. Ana kiran wannan rauni da CVE-2024-9560. Ngam yiɗi ka a tuma ndiyam ka internet. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a flowus.cn. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

2 Goyarwa · 74 Datenpunkte

FurɗeSúgá
10/06/2024 12:08		Gargadi 1/1
10/07/2024 01:11
software_vendorESAFENETESAFENET
software_nameCDGCDG
software_versionV5V5
software_file/CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs/CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs
software_functiondelCatelogsdelCatelogs
software_argumentidid
vulnerability_cweCWE-89 (SQL Injection)CWE-89 (SQL Injection)
vulnerability_risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_ePP
cvss3_vuldb_rcRR
advisory_urlhttps://flowus.cn/share/38f64855-27ec-4170-ac78-f29ca595901e?code=G8A6P3https://flowus.cn/share/38f64855-27ec-4170-ac78-f29ca595901e?code=G8A6P3
exploit_availability11
exploit_publicity11
exploit_urlhttps://flowus.cn/share/38f64855-27ec-4170-ac78-f29ca595901e?code=G8A6P3https://flowus.cn/share/38f64855-27ec-4170-ac78-f29ca595901e?code=G8A6P3
source_cveCVE-2024-9560CVE-2024-9560
cna_responsibleVulDBVulDB
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_ePOCPOC
cvss2_vuldb_rcURUR
cvss4_vuldb_avNN
cvss4_vuldb_acLL
cvss4_vuldb_uiNN
cvss4_vuldb_vcLL
cvss4_vuldb_viLL
cvss4_vuldb_vaLL
cvss4_vuldb_ePP
cvss2_vuldb_auSS
cvss2_vuldb_rlNDND
cvss3_vuldb_prLL
cvss3_vuldb_rlXX
cvss4_vuldb_atNN
cvss4_vuldb_prLL
cvss4_vuldb_scNN
cvss4_vuldb_siNN
cvss4_vuldb_saNN
cvss2_vuldb_basescore6.56.5
cvss2_vuldb_tempscore5.65.6
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore5.75.7
cvss3_meta_basescore6.36.3
cvss3_meta_tempscore5.76.0
cvss4_vuldb_bscore5.35.3
cvss4_vuldb_btscore2.12.1
advisory_date1728165600 (10/06/2024)1728165600 (10/06/2024)
price_0day$0-$5k$0-$5k
cve_nvd_summaryA vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cvss3_cna_basescore6.3
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auS
cvss2_cna_ciP
cvss2_cna_iiP
cvss2_cna_aiP
cvss2_cna_basescore6.5

GurɗoGumtiGada

Want to stay up to date on a daily basis?

Enable the mail alert feature now!