Directory Traversal Vulnerability in FileCatalyst Workflow Web Portal Allows File Upload Outside Intended Directory

Summary

The vulnerability CVE-2024-25153 affects the FileCatalyst Workflow Web Portal by Fortra, allowing for a directory traversal that permits files to be uploaded outside of the intended directory. This can be exploited to execute code, including web shells, posing a critical risk to organizations using this solution. Security researcher Tom Wedgbury has released a proof-of-concept exploit, increasing the risk of exploitation. The potential impact of this vulnerability includes the exfiltration of sensitive data, establishing a foothold for launching attacks, and disrupting business operations. Organizations are urged to patch the system immediately and enhance monitoring for any signs of intrusion or suspicious file uploads.

News Articles

Help Net Security

CVE-2023-41724CVE-2024-25153

Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Outsmarting cybercriminal innovation with strategies for

8 months ago

CybersecurityNews

CVE-2024-25153

PoC Published for Critical RCE Vulnerability in Fortra FileCatalyst

A proof of Concept (PoC) has been published for a critical RCE vulnerability identified in Fortra's FileCatalyst software.

8 months ago

Help Net Security

CVE-2024-25153

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) - Help Net Security

Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published.

8 months ago

More News...