Fortra FileCatalyst Workflow Unauthenticated SQLi
June 25, 2024, 3:42 p.m. | Jimi Sebree
Tenable Research Advisories www.tenable.com
A SQL injection vulnerability exists in Fortra FileCatalyst Workflow v5.1.6 build 135 and earlier.
A user-supplied jobID is used to form the WHERE clause in an SQL query:
// class unlimited.core.l.p
public xc findJob(String jobID) {
    if (jobID == null)
        return null;
    if (jobID.equals(""))
        return null;
    // jobID is concatenated directly into the WHERE clause, with no binding
    b query = new b("*", xc.ps, xc.yr + "='" + jobID + "'");
    xc pjret = null;
    ResultSet rs = null;
    Connection conn = this.hb.getDatabaseSettings().we().b();
    try {
        rs = …
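The concatenated WHERE clause in findJob, set beside a bound-parameter query, as an added example that is not code from the advisory or from the product. It uses Python's sqlite3 so it runs offline; the table name, column names, sample rows and the crafted input are constructed stand-ins for the obfuscated identifiers in the snippet.

```python
import sqlite3

# Constructed sample data; "jobs" and "job_id" are hypothetical stand-ins
# for the obfuscated xc.ps / xc.yr constants in the decompiled snippet.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE jobs (job_id TEXT PRIMARY KEY, owner TEXT)")
    conn.executemany(
        "INSERT INTO jobs VALUES (?, ?)",
        [("1001", "alice"), ("1002", "bob"), ("1003", "carol")],
    )
    return conn

def find_job_concat(conn, job_id):
    """Same shape as findJob(): the value is spliced into the SQL text."""
    if job_id is None or job_id == "":
        return []
    sql = "SELECT * FROM jobs WHERE job_id='" + job_id + "'"
    return conn.execute(sql).fetchall()

def find_job_bound(conn, job_id):
    """Hardened form: the value is passed as a bound parameter, never as SQL."""
    if job_id is None or job_id == "":
        return []
    return conn.execute(
        "SELECT * FROM jobs WHERE job_id = ?", (job_id,)
    ).fetchall()

# Constructed input: a quote closes the string literal and appends a condition.
CRAFTED = "nope' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    for fn in (find_job_concat, find_job_bound):
        print(fn.__name__, "legit:", fn(conn, "1002"))
        print(fn.__name__, "crafted:", fn(conn, CRAFTED))
```

With the concatenated form the crafted value rewrites the WHERE clause and every row comes back; with the bound form it is compared as a literal job ID and matches nothing.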