User0Menc

**Name of the Vulnerable Software and Affected Versions** Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System version 3.0 **Description** A critical issue was found in the function `electricDocList` of the file `/newsedit/report/reportCenter.do`. The manipulation of the argument `fvID/catID` leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** As a temporary workaround, consider restricting access to the `/newsedit/report/reportCenter.do` endpoint until a patch is available. Avoid using the argument `fvID/catID` in the affected endpoint until the issue is resolved. Restrict access to the `electricDocList` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG version 5 **Description** A critical issue has been found in ESAFENET CDG, affecting the `delSystemEncryptPolicy` function in the file `/com/esafenet/servlet/document/CDGAuthoriseTempletService.java`. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For ESAFENET CDG version 5, as a temporary workaround, consider disabling the `delSystemEncryptPolicy` function until a patch is available. Restrict access to the `/com/esafenet/servlet/document/CDGAuthoriseTempletService.java` file to minimize the risk of exploitation. Avoid using the `id` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG 5 **Description** A critical issue has been found in ESAFENET CDG 5, affecting the `docHistory` function of the file `/com/esafenet/servlet/fileManagement/FileDirectoryService.java`. The manipulation of the `fileId` argument leads to SQL injection. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** As a temporary workaround, consider disabling the `docHistory` function until a patch is available. Restrict access to the `/com/esafenet/servlet/fileManagement/FileDirectoryService.java` file to minimize the risk of exploitation. Avoid using the `fileId` argument in the affected function until the issue is resolved. Update to the latest release to mitigate risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG version 5 **Description** A critical issue has been found, affecting the `delProtocol` function of the file `/com/esafenet/servlet/system/ProtocolService.java`. The manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. The vendor was contacted about this issue but did not respond. **Recommendations** For ESAFENET CDG version 5, as a temporary workaround, consider disabling the `delProtocol` function until a patch is available. Restrict access to the `/com/esafenet/servlet/system/ProtocolService.java` file to minimize the risk of exploitation. Avoid using the `id` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG 5 **Description** A critical issue was found in ESAFENET CDG, affecting the function `delEntryptPolicySort` of the file `/com/esafenet/servlet/system/EncryptPolicyTypeService.java`. The manipulation of the argument `id` leads to SQL injection. The attack may be launched remotely. **Recommendations** For ESAFENET CDG 5, update to the latest patched version immediately to mitigate risks. As a temporary workaround, consider disabling the `delEntryptPolicySort` function until a patch is available. Restrict access to the `/com/esafenet/servlet/system/EncryptPolicyTypeService.java` file to minimize the risk of exploitation. Avoid using the argument `id` in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG 5 **Description** A critical vulnerability was found in ESAFENET CDG 5, affecting the function `delFile/delDifferCourseList` of the file `/com/esafenet/servlet/ajax/PublicDocInfoAjax.java`. This vulnerability leads to SQL injection and can be exploited remotely. The exploit has been disclosed to the public, and the vendor was contacted but did not respond. **Recommendations** Update to the latest patched version immediately to mitigate risks. As a temporary workaround, consider disabling the `delFile/delDifferCourseList` function until a patch is available. Restrict access to the `/com/esafenet/servlet/ajax/PublicDocInfoAjax.java` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG version 5 **Description** A critical issue was found in ESAFENET CDG, affecting the `findById` function of the file `/com/esafenet/servlet/document/ExamCDGDocService.java`. The manipulation of the `id` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For ESAFENET CDG version 5, as a temporary workaround, consider restricting access to the `findById` function of the `ExamCDGDocService.java` file until a patch is available. Avoid using the `id` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG version 5 **Description** A critical issue has been found, affecting the `actionPassOrNotAutoSign` function in the `/com/esafenet/servlet/service/processsign/AutoSignService.java` file. The manipulation of the `UniqueId` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. **Recommendations** For ESAFENET CDG version 5, as a temporary workaround, consider disabling the `actionPassOrNotAutoSign` function until a patch is available. Restrict access to the `/com/esafenet/servlet/service/processsign/AutoSignService.java` file to minimize the risk of exploitation. Avoid using the `UniqueId` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG version 5 **Description** A problematic vulnerability was found in ESAFENET CDG, affecting the `actionViewDecyptFile` function in the `/com/esafenet/servlet/client/DecryptApplicationService.java` file. The vulnerability can be exploited by manipulating the `decryptFileId` argument with a specific input, such as `../../../Windows/System32/drivers/etc/hosts`, leading to path traversal. The attack can be launched remotely. The affected function has a typo and is missing an 'R'. The vendor was contacted about this disclosure but did not respond. **Recommendations** For ESAFENET CDG version 5, consider disabling the `actionViewDecyptFile` function until a patch is available to prevent path traversal attacks. Restrict access to the `DecryptApplicationService.java` file to minimize the risk of exploitation. Avoid using the `decryptFileId` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG version 5 **Description** A critical issue has been found in the function `actionViewCDGRenewFile` of the file `/com/esafenet/servlet/client/CDGRenewApplicationService.java`. The manipulation of the `CDGRenewFileId` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** As a temporary workaround, consider disabling the `actionViewCDGRenewFile` function until a patch is available. Restrict access to the `/com/esafenet/servlet/client/CDGRenewApplicationService.java` file to minimize the risk of exploitation. Avoid using the `CDGRenewFileId` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG version 5 **Description** A critical issue affects the `actionPassDecryptApplication1` function in the `/com/esafenet/servlet/client/DecryptApplicationService.java` file. The manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For ESAFENET CDG version 5, as a temporary workaround, consider restricting access to the `actionPassDecryptApplication1` function until a patch is available. Avoid using the `id` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG version 5 **Description** A critical issue has been found, affecting the function `updateNetSecPolicyPriority` of the file `/com/esafenet/servlet/ajax/NetSecPolicyAjax.java`. The manipulation of the argument `id/frontId` leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For ESAFENET CDG version 5, as a temporary workaround, consider disabling the `updateNetSecPolicyPriority` function until a patch is available. Restrict access to the `/com/esafenet/servlet/ajax/NetSecPolicyAjax.java` file to minimize the risk of exploitation. Avoid using the argument `id/frontId` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG version 5 **Description** A critical issue was found in the function `actionDelNetSecConfig` of the file `/com/esafenet/servlet/netSec/NetSecConfigService.java`. The manipulation of the argument `id` leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `actionDelNetSecConfig` function until a patch is available. Restrict access to the `/com/esafenet/servlet/netSec/NetSecConfigService.java` file to minimize the risk of exploitation. Avoid using the argument `id` in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG version 5 **Description** A critical issue has been found, affecting the function `actionPassMainApplication` of the file `/com/esafenet/servlet/client/MailDecryptApplicationService.java`. The manipulation of the argument `id` leads to SQL injection. This issue can be exploited remotely. **Recommendations** As a temporary workaround, consider disabling the `actionPassMainApplication` function until a patch is available. Restrict access to the `/com/esafenet/servlet/client/MailDecryptApplicationService.java` file to minimize the risk of exploitation. Avoid using the `id` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG version V5 **Description** A critical issue affects some unknown functionality of the file "/MultiServerBackService?path=1". The manipulation of the `fileId` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For ESAFENET CDG version V5, as a temporary workaround, consider restricting access to the "/MultiServerBackService?path=1" endpoint until a patch is available. Avoid using the `fileId` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.