Platform: other
Component: filecatalyst-workflow
Fixed in: 5.1.7
CVE-2024-5276 is a critical SQL Injection vulnerability discovered in Fortra FileCatalyst Workflow. This vulnerability allows attackers to modify application data, potentially leading to unauthorized access and data manipulation. It impacts versions 0 through 5.1.6 and has been resolved in version 5.1.7.
Successful exploitation of CVE-2024-5276 allows an attacker to inject malicious SQL code into FileCatalyst Workflow, enabling them to manipulate the application's database. This can result in the creation of unauthorized administrative users, granting attackers elevated privileges within the system. Furthermore, attackers can modify existing data within the database, potentially corrupting or deleting critical information. While direct data exfiltration via SQL injection is not possible with this specific vulnerability, the ability to modify data poses a significant risk to data integrity and system security. The requirement for anonymous access or an authenticated user to exploit the vulnerability narrows the scope somewhat, but still presents a considerable threat.
CVE-2024-5276 was published on 2024-06-25. The vulnerability's critical CVSS score (9.8) indicates a high probability of exploitation. Public proof-of-concept exploits are not currently known, but the ease of SQL injection exploitation suggests this may change. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting FileCatalyst Workflow.
Organizations utilizing FileCatalyst Workflow, particularly those with anonymous access enabled or legacy configurations running versions 0 through 5.1.6, are at significant risk. Shared hosting environments where multiple users share the same FileCatalyst Workflow instance are also particularly vulnerable, as an attacker could potentially compromise the entire system through a single vulnerable instance.
• linux / server: Monitor FileCatalyst Workflow logs for unusual SQL queries or error messages indicative of injection attempts. Use journalctl -f to monitor relevant log files in real-time.
    journalctl -f -u filecatalyst_workflow | grep "SQL injection"
• generic web: Use curl to test vulnerable endpoints with common SQL injection payloads. Examine response headers and content for signs of successful injection.
    curl -X POST -d "param='; DROP TABLE users; --" https://your-filecatalyst-workflow-url/vulnerable-endpoint
• database (mysql): If you have access to the underlying MySQL database, check for unauthorized user accounts or modified data that could indicate exploitation.
    SELECT user, host FROM mysql.user WHERE user NOT IN ('root');
EPSS: 85.36% (99th percentile)
The primary mitigation for CVE-2024-5276 is to upgrade FileCatalyst Workflow to version 5.1.7 or later. If an immediate upgrade is not feasible, disable anonymous access to the Workflow system to prevent unauthenticated exploitation. Consider implementing Web Application Firewall (WAF) rules to detect and block SQL injection attempts targeting the vulnerable endpoints. Thoroughly review and validate all user inputs to prevent malicious SQL code from being injected. After upgrading, confirm the fix by attempting a SQL injection attack on the vulnerable endpoint and verifying that it is blocked.
Upgrade FileCatalyst Workflow to a version later than 5.1.6 Build 135. Consult the Fortra advisory for the fixed version and specific upgrade instructions. If you cannot upgrade immediately, consider disabling anonymous access or restricting access to authenticated users.
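Added example (not from Fortra or the original page): a Python triage of a host inventory against the affected range stated above (fixed in 5.1.7) and the anonymous-access condition. The inventory records, host names and the `anonymous_access` field are constructed assumptions; versions are compared numerically so that 5.1.10 is not mistaken for a release older than 5.1.7.

```python
import re

FIXED = (5, 1, 7)  # first fixed release according to this page
ORDER = ["affected-unauthenticated", "affected-authenticated", "review", "patched"]

# Constructed sample inventory; hosts and the anonymous_access field are assumptions.
INVENTORY = [
    {"host": "fcw-01.example.internal", "version": "5.1.6 Build 135", "anonymous_access": True},
    {"host": "fcw-02.example.internal", "version": "5.1.7", "anonymous_access": True},
    {"host": "fcw-03.example.internal", "version": "5.0.4", "anonymous_access": False},
    {"host": "fcw-04.example.internal", "version": "unknown"},
    {"host": "fcw-05.example.internal", "version": "5.1.10", "anonymous_access": False},
]

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if the string is unparseable."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(record):
    """Classify one inventory record against the affected range (below 5.1.7)."""
    version = parse_version(record.get("version"))
    if version is None:
        return "review"  # version unknown: verify by hand
    if version >= FIXED:
        return "patched"
    # Treat a missing anonymous-access setting as enabled (worst case).
    if record.get("anonymous_access") is not False:
        return "affected-unauthenticated"
    return "affected-authenticated"

def prioritize(inventory):
    """Return (host, status) pairs, most urgent first."""
    rows = [(r["host"], triage(r)) for r in inventory]
    return sorted(rows, key=lambda row: ORDER.index(row[1]))

if __name__ == "__main__":
    for host, status in prioritize(INVENTORY):
        print(f"{status:26} {host}")
```

Hosts reported as `review` have no parseable version string and need a manual check before they can be ruled out.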
CVE-2024-5276 is a critical SQL Injection vulnerability in FileCatalyst Workflow allowing attackers to modify application data. It affects versions 0-5.1.6 and has a CVSS score of 9.8.
You are affected if you are running FileCatalyst Workflow versions 0 through 5.1.6. Immediate action is required to mitigate the risk.
Upgrade FileCatalyst Workflow to version 5.1.7 or later. If immediate upgrade is not possible, disable anonymous access and implement WAF rules.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest active exploitation is possible. Continuous monitoring is recommended.
Refer to the Fortra security advisory for CVE-2024-5276 on the Fortra website for detailed information and updates.