CVE-2024-10660 – ESAFENET CDG HookService.java deleteHook sql injection
https://notcve.org/view.php?id=CVE-2024-10660
01 Nov 2024 — A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function deleteHook of the file /com/esafenet/servlet/policy/HookService.java. The manipulation of the argument hookId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://flowus.cn/share/9d33a5d8-87b1-482b-8642-a8fcf27585ba?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10659 – ESAFENET CDG CDGAuthoriseTempletService.java delSystemEncryptPolicy sql injection
https://notcve.org/view.php?id=CVE-2024-10659
01 Nov 2024 — A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/document/CDGAuthoriseTempletService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://flowus.cn/share/eaefcf21-6a72-48f8-bc18-a4889512bfe5?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10613 – ESAFENET CDG SystemEncryptPolicyService.java delSystemEncryptPolicy sql injection
https://notcve.org/view.php?id=CVE-2024-10613
01 Nov 2024 — A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/system/SystemEncryptPolicyService.java. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. • https://flowus.cn/share/b73c3e0f-21ff-4026-84ec-be60bcbd5bfc?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10612 – ESAFENET CDG HookInvalidCourseService.java removeHookInvalidCourse sql injection
https://notcve.org/view.php?id=CVE-2024-10612
01 Nov 2024 — A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function removeHookInvalidCourse of the file /com/esafenet/servlet/system/HookInvalidCourseService.java. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. • https://flowus.cn/share/ba7e7981-c66b-4d04-8fed-6d26b6765fe7?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10611 – ESAFENET CDG PrintScreenListService.java delProtocol sql injection
https://notcve.org/view.php?id=CVE-2024-10611
01 Nov 2024 — A vulnerability was found in ESAFENET CDG 5 and classified as critical. This issue affects the function delProtocol of the file /com/esafenet/servlet/system/PrintScreenListService.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://flowus.cn/share/9967b626-9a33-42f9-b8d2-d001b2a0b24a?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10610 – ESAFENET CDG ProtocolService.java delProtocol sql injection
https://notcve.org/view.php?id=CVE-2024-10610
01 Nov 2024 — A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://flowus.cn/share/0099e10a-5242-4651-a85a-5e8f98abc533?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10597 – ESAFENET CDG PolicyActionService.java delPolicyAction sql injection
https://notcve.org/view.php?id=CVE-2024-10597
31 Oct 2024 — A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://flowus.cn/share/380bcc9d-95ae-4576-b3df-bf3b06f1c5cd?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10596 – ESAFENET CDG EncryptPolicyTypeService.java delEntryptPolicySort sql injection
https://notcve.org/view.php?id=CVE-2024-10596
31 Oct 2024 — A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. • https://flowus.cn/share/0c59c0ea-9624-42b5-9e06-66fab39b773c?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10595 – ESAFENET CDG PublicDocInfoAjax.java delDifferCourseList sql injection
https://notcve.org/view.php?id=CVE-2024-10595
31 Oct 2024 — A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injection. The attack can be launched remotely. • https://flowus.cn/share/651b6010-4701-4cec-a5a3-6e01e22636b9?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10594 – ESAFENET CDG FileDirectoryService.java docHistory sql injection
https://notcve.org/view.php?id=CVE-2024-10594
31 Oct 2024 — A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection. It is possible to launch the attack remotely. • https://flowus.cn/share/b95a0695-de84-4459-aa7b-87a1400d5509?code=G8A6P3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •