{"vulnerability": "cve-2024-5276", "sightings": [{"uuid": "8b7b89a8-809e-42e4-accc-06b20add1a41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52769", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113516291368240041", "content": "", "creation_timestamp": "2024-11-20T16:45:45.712128Z"}, {"uuid": "05e7e4e2-0dec-4776-9182-88ac8e3d37ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52765", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113517241221970313", "content": "", "creation_timestamp": "2024-11-20T20:47:19.461971Z"}, {"uuid": "a9e326f8-7b62-4aa0-b2c2-949cb39e2c1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:05.000000Z"}, {"uuid": "04d16cee-0ff3-4be8-811f-7c07a86c6394", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "39df674d-bdd1-4c05-a259-881f5c5193f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52762", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lkbyl74hsm2u", "content": "", "creation_timestamp": "2025-03-13T21:02:09.090219Z"}, {"uuid": "6203101a-09de-4e40-a065-c7235934a6d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52762", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-52762.yaml", "content": "", "creation_timestamp": "2025-03-11T11:30:14.000000Z"}, {"uuid": "0c804a3e-2b98-4f74-927d-0f52d6fd5f61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:04.000000Z"}, {"uuid": "0b131026-9a86-4a01-a855-8b050d7d8f82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52766", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m27ospiqek27", "content": "", "creation_timestamp": "2025-10-02T13:45:09.027304Z"}, {"uuid": "bd84ea7e-ad71-4251-9ec5-fd91ffa1f86e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/fortra_filecatalyst_workflow_sqli.rb", "content": "", "creation_timestamp": "2024-08-19T08:40:02.000000Z"}, {"uuid": "d2139380-a543-440b-b3f0-ec73a15f171b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "seen", "source": "Telegram/ng_1lgMwTSCJnp-rJFosgkTYQzHJ1Y0nL6lbhrTLhXNu0ys", "content": "", "creation_timestamp": "2024-06-27T10:26:03.000000Z"}, {"uuid": "fc2bf6a3-1e0f-4efc-9d2c-b44dc6201c8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m3iophhaaa2p", "content": "", "creation_timestamp": "2025-10-18T21:02:30.965653Z"}, {"uuid": "9cad134a-f314-4bf1-a4ab-b1cdd789aca3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "seen", "source": "Telegram/1dFSSrOtaf9E7PxA3ikRLCY6Nad2bX8mdzHI4LTg2n3Rxg", "content": "", "creation_timestamp": "2024-06-27T12:12:33.000000Z"}, {"uuid": "415e8daa-344b-481f-9c39-d1f4bd96c03d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52769", "type": "seen", "source": "https://t.me/cvedetector/11624", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52769 - DedeBIZ RCE File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52769 \nPublished : Nov. 20, 2024, 5:15 p.m. | 25\u00a0minutes ago \nDescription : An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-20T18:45:44.000000Z"}, {"uuid": "b35338fb-4a5f-4432-8e0d-1321d754da4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52763", "type": "seen", "source": "https://t.me/cvedetector/11530", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52763 - Ganglia-web XSS\", \n  \"Content\": \"CVE ID : CVE-2024-52763 \nPublished : Nov. 19, 2024, 9:15 p.m. | 17\u00a0minutes ago \nDescription : A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the \"g\" parameter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T22:41:39.000000Z"}, {"uuid": "98850a85-7fad-4821-a467-b37155b1e46d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52762", "type": "seen", "source": "https://t.me/cvedetector/11529", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52762 - Ganglia-web Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-52762 \nPublished : Nov. 19, 2024, 9:15 p.m. | 17\u00a0minutes ago \nDescription : A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the \"tz\" parameter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T22:41:38.000000Z"}, {"uuid": "7a1cdd4f-1e46-4c7a-b032-5607edbac426", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52765", "type": "seen", "source": "https://t.me/cvedetector/11668", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52765 - H3C GR-1800AX ASPForm Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52765 \nPublished : Nov. 20, 2024, 9:15 p.m. | 41\u00a0minutes ago \nDescription : H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-20T22:57:24.000000Z"}, {"uuid": "d71b6526-bd5f-4d4f-b6de-c4b954bcde14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/13415", "content": "The Hacker News\nCritical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application\n\nA critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database.\nTracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139.\n\"An SQL injection vulnerability in", "creation_timestamp": "2024-06-27T12:12:34.000000Z"}, {"uuid": "e9745a52-5ad0-44d3-bd1c-e90e99bce0e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/3919", "content": "\u200aCVE-2024-5276 (CVSS 9.8): Critical SQLi Flaw in Fortra FileCatalyst Workflow, PoC Available\n\nhttps://securityonline.info/cve-2024-5276-cvss-9-8-critical-sqli-flaw-in-fortra-filecatalyst-workflow-poc-available/", "creation_timestamp": "2024-06-28T04:04:27.000000Z"}, {"uuid": "87d261ff-bf93-40d0-a63b-0dab066fc96d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "seen", "source": "Telegram/qmEDHLBNdp1opQyESxLY8cSE-jzGu9bN7IsUBrgZMpYv7A", "content": "", "creation_timestamp": "2024-06-27T10:23:20.000000Z"}, {"uuid": "67cd83b6-c4e7-496c-a5c6-ae0a987f15ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5907", "content": "Fortra \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 FileCatalyst Workflow SQLi, \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d PoC.\n\n\u0420\u0435\u0448\u0435\u043d\u0438\u0435 FileCatalyst Workflow \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 \u043e\u0431\u044a\u0435\u043c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c\u0438 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443 \u0434\u043b\u044f \u0443\u0441\u043a\u043e\u0440\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b \u0432 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432\u0430\u0445.\n\nCVE-2024-5276 (CVSS v3.1:9.8) \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Tenable 15 \u043c\u0430\u044f 2024 \u0433\u043e\u0434\u0430 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439-\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u0438 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u0432 \u0431\u0430\u0437\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 FileCatalyst Workflow 5.1.6 (\u0441\u0431\u043e\u0440\u043a\u0430 135 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438), \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u0432 FileCatalyst Workflow 5.1.6 (\u0441\u0431\u043e\u0440\u043a\u0430 139).\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0442\u0430\u043a\u0436\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442, \u0447\u0442\u043e\u0431\u044b \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0435 \u0431\u044b\u043b \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f. \u0412 \u043f\u0440\u043e\u0442\u0438\u0432\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0434\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f CVE-2024-5276 \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f.\n\nTenable \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 Fortra 22 \u043c\u0430\u044f, \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0432 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u0432 \u043f\u0430\u0431\u043b\u0438\u043a \u0441\u0440\u0430\u0437\u0443 \u0432\u0441\u043b\u0435\u0434 \u0437\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044f \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Fortra\n\n\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u0435\u0442, \u043a\u0430\u043a \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u044b\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044e \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 jobID \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0445 \u0442\u043e\u0447\u043a\u0430\u0445 URL-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f Workflow.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043c\u0435\u0442\u043e\u0434 findJob \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0437\u0430\u0434\u0430\u043d\u0438\u044f \u0431\u0435\u0437 \u043e\u0447\u0438\u0441\u0442\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u0438\u044f WHERE \u0432 \u0437\u0430\u043f\u0440\u043e\u0441\u0435 SQL, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u0421\u043a\u0440\u0438\u043f\u0442 Tenable \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u043e \u0432\u0445\u043e\u0434\u0438\u0442 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 FileCatalyst Workflow \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044e \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 jobID, \u0447\u0442\u043e\u0431\u044b \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043d\u043e\u0432\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f-\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 (operator) \u0441 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c \u043f\u0430\u0440\u043e\u043b\u0435\u043c (password123).\n\n\u0412 \u043a\u043e\u043d\u0446\u0435 \u043a\u043e\u043d\u0446\u043e\u0432 \u043e\u043d \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u0442\u043e\u043a\u0435\u043d \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0432\u043d\u043e\u0432\u044c \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0434\u043b\u044f \u0432\u0445\u043e\u0434\u0430 \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u043a\u043e\u043d\u0435\u0447\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u044d\u0442\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0435\u0449\u0435 \u043d\u0435 \u043f\u043e\u0441\u0442\u0443\u043f\u0430\u043b\u043e, \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0435\u0433\u043e PoC \u0431\u044b\u0441\u0442\u0440\u043e \u0438\u0437\u043c\u0435\u043d\u0438\u0442 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044e. \u041c\u043e\u0436\u043d\u043e \u043d\u0435 \u0441\u043e\u043c\u043d\u0435\u0432\u0430\u0442\u044c\u0441\u044f, \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b Clop \u0443\u0436\u0435 \u0442\u0435\u0441\u0442\u0438\u0440\u0443\u044e\u0442 \u043d\u043e\u0432\u0443\u044e \u0438\u0433\u0440\u0443\u0448\u043a\u0443.", "creation_timestamp": "2024-06-27T13:59:48.000000Z"}, {"uuid": "545cf4e2-6d4f-41a9-94d7-48fba5feeda5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "seen", "source": "https://t.me/KomunitiSiber/2169", "content": "Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application\nhttps://thehackernews.com/2024/06/critical-sqli-vulnerability-found-in.html\n\nA critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database.\nTracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139.\n\"An SQL injection vulnerability in", "creation_timestamp": "2024-06-27T09:35:36.000000Z"}, {"uuid": "9146b64c-6868-431c-b2e3-23b5ec5d82e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/2656", "content": "The Hacker News\nCritical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application\n\nA critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database.\nTracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139.\n\"An SQL injection vulnerability in", "creation_timestamp": "2024-06-27T12:12:34.000000Z"}, {"uuid": "cca46905-8b1c-44e7-bb6e-da326dcdbaf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5276", "type": "seen", "source": "https://t.me/thehackernews/5177", "content": "\ud83d\udea8 Critical security flaw found in Fortra FileCatalyst Workflow. CVE-2024-5276 scores 9.8 on CVSS. Patch now to protect your data from SQL injection attacks. \n \nDetails here \u27a1\ufe0f https://thehackernews.com/2024/06/critical-sqli-vulnerability-found-in.html", "creation_timestamp": "2024-06-27T08:58:21.000000Z"}]}