PT-2024-33085 · Unknown · Esafenet Cdg
Published
2024-10-25
·
Updated
2025-05-28
·
CVE-2024-48343
CVSS v3.1
6.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
ESAFENET CDG versions 5 and earlier
Description
A SQL Injection issue allows an attacker to execute arbitrary code via the
id parameter of the "dataSearch.jsp" page.Recommendations
For versions 5 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the
dataSearch.jsp page to minimize the risk of exploitation. Avoid using the id parameter in the affected page until the issue is resolved.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Esafenet Cdg