Security News > 2024 > June > PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)
![PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)](/static/build/img/news/poc-exploit-for-critical-fortra-filecatalyst-flaw-published-cve-2024-5276-medium.jpg)
A critical SQL injection vulnerability in Fortra FileCatalyst Workflow has been patched; a PoC exploit is already available online.
Fortra FileCatalyst is an enterprise software solution for accellerated, UDP-based file transfer of large files.
"Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required," the company noted.
"SQL Injection results from failure of the application to appropriately validate input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended."
The vulnerability affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier, and has been fixed in 5.1.6 build 139.
Three months ago, PoC exploit code for a critical RCE vulnerability in Fortra FileCatalyst Workflow was also made public, but no exploitation attemps followed.
News URL
https://www.helpnetsecurity.com/2024/06/27/cve-2024-5276-poc/
Related news
- PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) (source)
- PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026) (source)
- Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released (source)
- F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026) (source)
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- Log4Shell shows no sign of fading, spotted in 30% of CVE exploits (source)
- PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers (source)
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) (source)
- Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) (source)
- 15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130) (source)