CVE-2024-5276

CRITICAL EXPLOITED NUCLEI

Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)

Title source: metasploit

Exploitation Summary

CVE-2024-5276 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Tenable, Michael Heinzl, including a Metasploit module auxiliary/admin/http/fortra_filecatalyst_workflow_sqli. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits a SQL injection vulnerability in Fortra FileCatalyst Workflow to add a new administrative user. It automates the process of session token extraction and payload delivery via a crafted SQL query.

Description

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.

Exploits (1)

metasploit WORKING POC

by Tenable, Michael Heinzl · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/fortra_filecatalyst_workflow_sqli.rb

View Code ZIP pw:eip

This Metasploit module exploits a SQL injection vulnerability in Fortra FileCatalyst Workflow to add a new administrative user. It automates the process of session token extraction and payload delivery via a crafted SQL query.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Fortra FileCatalyst Workflow <= v5.1.6 Build 135

No auth needed

Prerequisites: Network access to the target · Target running vulnerable version of Fortra FileCatalyst Workflow

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection

CRITICALVERIFIEDby iamnoooob,rootxharsh,pdresearch

FOFA: body="FileCatalyst file transfer solution, easily transfer large files"

References (3)

Core 3

Core References

Mitigation, Vendor Advisory

https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0

Vendor Advisory

https://www.fortra.com/security/advisory/fi-2024-008

Exploit, Third Party Advisory

https://www.tenable.com/security/research/tra-2024-25

Scores

CVSS v3 9.8

EPSS 0.8742

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2025-10-17

CWE

CWE-20 CWE-89

Status published

Products (2)

fortra/filecatalyst_workflow 5.1.6 (6 CPE variants)

fortra/filecatalyst_workflow < 5.1.6

Published Jun 25, 2024

Tracked Since Feb 18, 2026