CVE-2024-10594

6.3 MEDIUM

📋 TL;DR

This SQL injection vulnerability in ESAFENET CDG 5 allows remote attackers to execute arbitrary SQL commands by manipulating the fileId parameter of the docHistory function. An attacker can potentially read, modify, or delete database contents. All users of ESAFENET CDG 5 with the vulnerable component exposed are affected.

💻 Affected Systems

Products:
  • ESAFENET CDG 5
Versions: All versions with the vulnerable FileDirectoryService.java component
Operating Systems: Any OS running ESAFENET CDG 5
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the docHistory function of the file management servlet. Any deployment with this component accessible is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data destruction, privilege escalation to system-level access, and potential lateral movement to other systems.

🟠 Likely Case

Unauthorized data access and extraction, potential data modification or deletion, and possible application disruption.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed, making weaponization straightforward. The vulnerability requires no authentication and the exploitation vector is simple.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Contact ESAFENET for an official patch or guidance.
2. If a patch becomes available, apply it following the vendor's instructions.
3. Restart application services after patching.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

Applies to: all

Implement WAF rules to block SQL injection patterns targeting the fileId parameter.

Network Segmentation

Applies to: all

Restrict access to the vulnerable endpoint to trusted IP addresses only.

🧯 If You Can't Patch

  • Implement input validation and parameterized queries in the FileDirectoryService.java file
  • Apply database-level controls: restrict application database user permissions to minimum required
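The two mitigations above (input validation and parameterized queries) are illustrated below with an added example. This is not ESAFENET's code and not the real FileDirectoryService.java: it is a Python stand-in, using an in-memory SQLite table, that shows the string-concatenation pattern typical of a docHistory-style lookup beside the validated, parameterized form. The table schema, sample rows and the assumption that a fileId is a short decimal identifier are all constructed for the demo.

```python
"""Added example (not ESAFENET's code): a concatenated SQL lookup on fileId
beside the validated, parameterized version the advisory recommends.
Schema, rows and the fileId format are constructed for this demo."""
import re
import sqlite3

# Constructed schema standing in for the real document-history table.
SCHEMA = """
CREATE TABLE doc_history (
    file_id TEXT NOT NULL,
    version INTEGER NOT NULL,
    editor  TEXT NOT NULL
);
"""
SAMPLE_ROWS = [
    ("1001", 1, "alice"),
    ("1001", 2, "alice"),
    ("1002", 1, "bob"),
    ("1003", 1, "carol"),
]

# Assumption for this demo: a legitimate fileId is a short decimal identifier.
FILE_ID_RE = re.compile(r"^[0-9]{1,12}$")


def make_db():
    """Create the in-memory sample database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO doc_history VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def doc_history_vulnerable(conn, file_id):
    """Builds the query by concatenation: the attacker-controlled value
    becomes part of the SQL text, so a quote inside fileId rewrites the query."""
    sql = ("SELECT version, editor FROM doc_history WHERE file_id = '"
           + file_id + "' ORDER BY version")
    return conn.execute(sql).fetchall()


def doc_history_safe(conn, file_id):
    """Validates the identifier first, then binds it as a parameter so the
    database engine treats it purely as data, never as SQL."""
    if not FILE_ID_RE.match(file_id):
        raise ValueError("rejected fileId: %r" % file_id)
    sql = "SELECT version, editor FROM doc_history WHERE file_id = ? ORDER BY version"
    return conn.execute(sql, (file_id,)).fetchall()


def compare(file_id):
    """Run both variants on the same input.

    Returns (rows_from_vulnerable_query, rows_from_safe_query_or_error_text).
    """
    conn = make_db()
    vuln = doc_history_vulnerable(conn, file_id)
    try:
        safe = doc_history_safe(conn, file_id)
    except ValueError as exc:
        safe = str(exc)
    return vuln, safe


if __name__ == "__main__":
    # Legitimate lookup: both variants return the same two versions.
    print(compare("1001"))
    # A quote-terminated tautology: the concatenated query leaks every row,
    # the validated/parameterized version rejects the input before any SQL runs.
    print(compare("x' OR '1'='1"))
```

The validation step is defence in depth, not a substitute for binding: parameterization alone already stops the query text from being altered, while the allow-list rejects malformed identifiers early and gives the application a clean place to log them.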

🔍 How to Verify

Check if Vulnerable:

Test the /com/esafenet/servlet/fileManagement/FileDirectoryService endpoint with SQL injection payloads in the fileId parameter, on a system you are authorized to assess.

Check Version:

Check ESAFENET CDG 5 version through application interface or configuration files

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and that the docHistory lookup uses parameterized queries.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed authentication attempts following SQL injection patterns
  • Unexpected database error messages

Network Indicators:

  • HTTP requests with SQL keywords in fileId parameter
  • Unusual traffic patterns to the file management endpoint

SIEM Query:

source="application_logs" AND ("fileId" AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE" OR "DROP"))
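The SIEM query above keys on SQL keywords appearing alongside fileId. The following added example, which is not part of the advisory, applies the same idea to web-server access log lines but URL-decodes the parameter first and also checks for quote and comment tokens, so that a payload with no keyword from the list (the third sample line) is still flagged. The endpoint path is the one named on this page; the log lines and the assumption that a legitimate fileId is a short decimal identifier are constructed for the demo.

```python
"""Added example (not part of the advisory): keyword- and token-based
detection of SQL injection attempts in the fileId parameter, run over
constructed access-log lines for the FileDirectoryService endpoint."""
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/com/esafenet/servlet/fileManagement/FileDirectoryService"

# Keywords from the advisory's SIEM query, matched as whole words after decoding.
SQL_KEYWORDS = ("UNION", "SELECT", "INSERT", "DELETE", "DROP")
KEYWORD_RE = re.compile(r"\b(?:%s)\b" % "|".join(SQL_KEYWORDS), re.IGNORECASE)
# Quote, comment and statement-separator tokens that accompany most payloads.
TOKEN_RE = re.compile(r"(?:--|/\*|;|')")
# Assumption for this demo: legitimate fileId values are short decimal ids.
BENIGN_ID_RE = re.compile(r"^[0-9]{1,12}$")
# Request line and status code from a combined-log-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+" (?P<status>\d{3})')

# Constructed access-log lines (combined-log style, abbreviated).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Nov/2024:10:00:01 +0000] "GET /com/esafenet/servlet/fileManagement/FileDirectoryService?fileId=1001 HTTP/1.1" 200 512
10.0.0.7 - - [01/Nov/2024:10:00:02 +0000] "GET /com/esafenet/servlet/fileManagement/FileDirectoryService?fileId=1001%27%20UNION%20SELECT%201%2C2%2C3-- HTTP/1.1" 500 88
10.0.0.9 - - [01/Nov/2024:10:00:03 +0000] "GET /com/esafenet/servlet/fileManagement/FileDirectoryService?fileId=1002%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 40960
10.0.0.5 - - [01/Nov/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024
"""


def classify_file_id(decoded):
    """Return the reasons a decoded fileId looks suspicious (empty list if benign)."""
    if BENIGN_ID_RE.match(decoded):
        return []
    reasons = []
    if KEYWORD_RE.search(decoded):
        reasons.append("sql-keyword")
    if TOKEN_RE.search(decoded):
        reasons.append("sql-token")
    if not reasons:
        # Not an injection signature, but still not a well-formed identifier.
        reasons.append("malformed-id")
    return reasons


def scan_log(text):
    """Return (client_ip, status, decoded_fileId, reasons) for each suspicious
    request to the vulnerable endpoint."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != ENDPOINT:
            continue
        # parse_qs percent-decodes each value exactly once.
        for value in parse_qs(parts.query, keep_blank_values=True).get("fileId", []):
            reasons = classify_file_id(value)
            if reasons:
                hits.append((line.split()[0], int(m.group("status")), value, reasons))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Matching on the decoded value matters: a keyword-only rule applied to the raw request line would see `%20UNION%20SELECT` (usually still caught by a substring match) but would miss the quote-only tautology in the third line, which carries none of the listed keywords. A 500 status on the endpoint, as in the second line, is the "unexpected database error" indicator listed above and is worth correlating with these hits.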
