CVE-2024-42885

SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.
Configurations

Configuration 1 (hide)

cpe:2.3:a:esafenet:cdg:*:*:*:*:*:*:*:*

History

03 Jul 2025, 12:43

Type Values Removed Values Added
CPE cpe:2.3:a:esafenet:cdg:*:*:*:*:*:*:*:*
First Time Esafenet
Esafenet cdg
References () https://supervisor0.notion.site/ESAFENET-CDG-SQL-Injection-17d7e244810147f697c3c42a884f932b - () https://supervisor0.notion.site/ESAFENET-CDG-SQL-Injection-17d7e244810147f697c3c42a884f932b - Exploit, Third Party Advisory
Summary
  • (es) La vulnerabilidad de inyección SQL en ESAFENET CDG 5.6 y anteriores permite a un atacante ejecutar código arbitrario a través del parámetro id de la página data.jsp.

05 Sep 2024, 18:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
CWE CWE-89

05 Sep 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-05 16:15

Updated : 2025-07-03 12:43


NVD link : CVE-2024-42885

Mitre link : CVE-2024-42885

CVE.ORG link : CVE-2024-42885


JSON object : View

Products Affected

esafenet

  • cdg
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')