CVE-2024-6632

HIGH

FileCatalyst Workflow - SQL Injection

Title source: llm
STIX 2.1

Description

A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability.

References (1)

Core 1

Scores

CVSS v3 7.2
EPSS 0.0061
EPSS Percentile 44.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
fortra/filecatalyst_workflow 5.0.4 - 5.1.7
Published Aug 27, 2024
Tracked Since Feb 18, 2026