ESAFENET CDG SQL Injection Vulnerability in getFileTypeList.jsp Endpoint

Vulnerability

A critical SQL injection vulnerability has been identified in ESAFENET CDG version 5.6.3.154.205. The issue resides in the getFileTypeList.jsp file, where the typename parameter can be manipulated to execute arbitrary SQL commands. This vulnerability can be exploited remotely, potentially allowing an attacker to gain full control over the underlying MSSQL server.

Impact

Exploitation of this vulnerability allows for SQL injection, which could lead to unauthorized data access, data manipulation, or execution of arbitrary commands on the database server. In this case, it has been reported that the vulnerability could be exploited to execute arbitrary code on the MSSQL server, potentially allowing full control over the server.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ESAFENET CDG SQL Injection Vulnerability in getFileTypeList.jsp Endpoint

Vulnerability

Impact

Affected Products

ESAFENET CDG

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating