Fortra FileCatalyst Workflow, a web-based file exchange platform, is affected by a critical SQL injection vulnerability identified as CVE-2024-5276. Discovered by Tenable researchers on May 15, 2024, and disclosed publicly recently, this vulnerability allows remote unauthenticated attackers to create unauthorized admin accounts and manipulate data within the application’s database. However, it does not permit data theft through SQL injection.
The flaw impacts versions of FileCatalyst Workflow up to 5.1.6 Build 135. Fortra has provided fixes in version 5.1.6 Build 139, which users are strongly advised to upgrade to. The vulnerability is exposed when anonymous access is enabled, allowing attackers to exploit the issue without requiring authentication.
Tenable’s disclosure included a proof-of-concept exploit demonstrating how attackers can leverage the vulnerability through the ‘jobID’ parameter in various URL endpoints. By injecting malicious code into SQL queries due to insufficient input sanitization, attackers can insert new admin users and perform unauthorized actions.
Despite the release of the exploit, there have been no confirmed reports of active exploitation. The situation echoes a previous incident where the Clop ransomware group exploited a Fortra product vulnerability for data theft, underscoring the importance of applying security patches promptly.
Reference:
