SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.
References
Link | Resource |
---|---|
https://supervisor0.notion.site/ESAFENET-CDG-SQL-Injection-17d7e244810147f697c3c42a884f932b | Exploit Third Party Advisory |
Configurations
History
03 Jul 2025, 12:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:esafenet:cdg:*:*:*:*:*:*:*:* | |
First Time |
Esafenet
Esafenet cdg |
|
References | () https://supervisor0.notion.site/ESAFENET-CDG-SQL-Injection-17d7e244810147f697c3c42a884f932b - Exploit, Third Party Advisory | |
Summary |
|
05 Sep 2024, 18:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
CWE | CWE-89 |
05 Sep 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-05 16:15
Updated : 2025-07-03 12:43
NVD link : CVE-2024-42885
Mitre link : CVE-2024-42885
CVE.ORG link : CVE-2024-42885
JSON object : View
Products Affected
esafenet
- cdg
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')