ESAFA.NET CDG 5 ReUserOrganiseService.java SQL Injection (CVE-2024-10278)

Key Information Vulnerability Name: ESAFENET CDG 5 ReuserOrganiseService.java UserID SQL Injection Vulnerability ID: VDB-281553 CVE-2024-10278 CVSS Meta Temp Score: 6.0 Current Exploit Price: $0-$5k CTI Interest Score: 1.45 Vulnerability Description: A vulnerability has been identified in ESAFA.NET CDG 5, classified as severe. It affects an unknown section of the file . Manipulating the parameter via unknown input leads to an SQL injection vulnerability. CWE classifies this issue as CWE-89. The product constructs SQL commands using external, untrusted input, but fails to properly neutralize or neutralize special elements that could alter the SQL command when sent to downstream components. This impacts confidentiality, integrity, and availability. CVE Summary: A vulnerability has been discovered in ESAFA.NET CDG 5, classified as severe. It affects an unknown part of the file . Manipulating the parameter via unknown input results in SQL injection. The vulnerability has been publicly disclosed and may be exploited. The vendor was notified early about this disclosure but did not respond. Exploit Availability: The exploit has been publicly disclosed and may be exploited. Technical details and public exploits are known. MITRE ATT&CK framework references attack technique T1505. Exploit Download: The exploit is publicly downloadable and declared as proof-of-concept. The vendor was notified early about this disclosure but did not respond. Recommendation: No known remediation is available. It is recommended to replace the affected component. References: VDB-238606, VDB-239389, VDB-240220, VDB-242978

Goal Reached Thanks to every supporter — we hit 100%!

ESAFA.NET CDG 5 ReUserOrganiseService.java SQL Injection (CVE-2024-10278)