CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42885
https://notcve.org/view.php?id=CVE-2024-42885
05 Sep 2024 — SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page. • https://supervisor0.notion.site/ESAFENET-CDG-SQL-Injection-17d7e244810147f697c3c42a884f932b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18636
https://notcve.org/view.php?id=CVE-2017-18636
30 Sep 2019 — CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal. CDG hasta el 01-01-2017, permite el salto de directorio de downloadDocument.jsp?command=download&pathAndName=. • http://www.warmeng.com/2017/01/01/CDG-filedown • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •