CVE-2024-9560

Name of the Vulnerable Software and Affected Versions ESAFENET CDG V5

Description A critical issue has been found in ESAFENET CDG V5, affecting the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used.

Recommendations As a temporary workaround, consider disabling the delCatelogs function until a patch is available. Restrict access to the /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs endpoint to minimize the risk of exploitation. Avoid using the argument id in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.