CVE-2024-42885

CRITICAL

ESAFENET CDG < 5.6 - SQL Injection via data.jsp id Parameter

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.

References (1)

Core 1

Scores

CVSS v3 9.1
EPSS 0.0064
EPSS Percentile 46.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
esafenet/cdg < 5.6
Published Sep 05, 2024
Tracked Since Feb 18, 2026