SQL Injection Vulnerability in FileCatalyst Workflow Allows Modification of Application Data
CVE-2024-5276
Key Information
- Vendor: Fortra
- Status
- Filecatalyst Workflow
- Vendor
- CVE Published: 25 June 2024
Summary
A SQL injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled; otherwise, an authenticated user is required. This issue affects all versions of FileCatalyst Workflow up to and including 5.1.6 Build 135.
Affected Version(s)
FileCatalyst Workflow = 5.1.6; 0
News Articles
PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) - Help Net Security
A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC is already available online.
6 months ago
Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released
The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database.
6 months ago
Timeline
- 👾 Exploit known to exist
- 📰 First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability reserved