SQL Injection Vulnerability in FileCatalyst Workflow Allows Modification of Application Data
CVE-2024-5276
Key Information:
- Vendor: Fortra
- Status: Vendor
- CVE Published: 25 June 2024
Summary
A SQL Injection vulnerability in Fortra FileCatalyst Workflow permits unauthorized alterations to application data. This may enable attackers to create new administrative users and modify or delete existing data in the application database. While data exfiltration is not possible through this specific vulnerability, an unauthenticated attacker may exploit it if anonymous access is enabled on the Workflow system. Otherwise, an authenticated user is required to carry out the exploitation. The vulnerability affects all versions of FileCatalyst Workflow 5.1.6 Build 135 and earlier.
Affected Version(s)
FileCatalyst Workflow 5.1.6; 0
News Articles
PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) - Help Net Security
A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched, and a PoC is already available online.
7 months ago
Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released
The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database.
7 months ago
Timeline
- Exploit known to exist
- First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability Reserved