CVE-2019-9632
HIGH NUCLEIESAFENET CDG V3 and V5 - Arbitrary File Download via download.jsp fileName Parameter
Title source: llmExploitation Summary
CVE-2019-9632 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.
Nuclei Templates (1)
ESAFENET CDG - Arbitrary File Download
HIGHby pdteam
FOFA:
title="电子文档安全管理系统"
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
http://www.iwantacve.cn/index.php/archives/132/
Scores
CVSS v3
7.5
EPSS
0.3988
EPSS Percentile
98.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (2)
esafenet/electronic_document_security_management_system
v3
esafenet/electronic_document_security_management_system
v5
Published
Mar 08, 2019
Tracked Since
Feb 18, 2026