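Associated vulnerability
Title: Fortra FileCatalyst Security Vulnerability (CVE-2024-5276)
Description: Fortra FileCatalyst is a file transfer acceleration solution from Fortra, designed to accelerate and optimize file transfers across global networks. Fortra FileCatalyst Workflow 5.1.6 Build 135 and earlier contain a security vulnerability that stems from a SQL injection flaw and allows an attacker to modify application data.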
Description
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.
File snapshot
id: CVE-2024-5276
info:
  name: Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection
  author: ia
...