
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Sep 2024 — SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page. • https://supervisor0.notion.site/ESAFENET-CDG-SQL-Injection-17d7e244810147f697c3c42a884f932b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Sep 2019 — CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal. • http://www.warmeng.com/2017/01/01/CDG-filedown • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 8% • CPEs: 2 • EXPL: 1

08 Mar 2019 — ESAFENET CDG V3 and V5 have an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request. • http://www.iwantacve.cn/index.php/archives/132