PT-2024-16392 · Safenet · Esafenet Cdg 5

Published: 2024-10-31 · Updated: 2024-11-04 · CVE-2024-10595

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
ESAFENET CDG 5

Description
A critical vulnerability was found in ESAFENET CDG 5, affecting the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. This vulnerability leads to SQL injection and can be exploited remotely. The exploit has been disclosed to the public, and the vendor was contacted but did not respond.

Recommendations
Update to the latest patched version immediately to mitigate risks. As a temporary workaround, consider disabling the delFile/delDifferCourseList function until a patch is available. Restrict access to the /com/esafenet/servlet/ajax/PublicDocInfoAjax.java file to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-10595

Affected Products: Esafenet Cdg 5