ESAFENET CDG SQL Injection Vulnerability in updateNotice.jsp

Vulnerability

A critical SQL injection vulnerability has been identified in ESAFENET CDG version 5.6.3.154.205_20250114. The issue arises in the updateNotice.jsp file, where manipulation of the ID parameter allows for SQL injection. This vulnerability can be exploited remotely, potentially leading to unauthorized access or manipulation of the database.

Impact

Exploitation of this vulnerability allows for SQL injection, which could be used to execute arbitrary SQL commands. In the context of a Microsoft SQL Server, this could lead to remote code execution, allowing an attacker to execute commands on the server with the same privileges as the SQL Server service.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ESAFENET CDG SQL Injection Vulnerability in updateNotice.jsp

Vulnerability

Impact

Affected Products

ESAFENET CDG

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating