Esafenet Cdg

SQLi via noticeId in ESAFENET CDG 5.6.3.154_20250114 /parameter/getLimitIPList.jsp
CVE-2025-3401 9.8 - Critical - April 08, 2025

A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 and classified as critical. This vulnerability affects unknown code of the file /parameter/getLimitIPList.jsp. The manipulation of the argument noticeId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5.6.3 SQLi via /pubinfo/updateNotice.jsp ID
CVE-2025-3399 9.8 - Critical - April 08, 2025

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5.6.3.154.205_20250114. Affected by this issue is some unknown functionality of the file /pubinfo/updateNotice.jsp. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

CRITICAL SQLi in ESAFENET CDG 5.6.3 via UnChkMailApp.jsp 'typename'
CVE-2025-3400 9.8 - Critical - April 08, 2025

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of the argument typename leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5.6.3.154.205 - /parameter/getFileTypeList.jsp Remote SQLi
CVE-2025-2927 9.8 - Critical - March 28, 2025

A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileTypeList.jsp. The manipulation of the argument typename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5.6.3 SQLi via backupLogDetail.jsp logTaskId
CVE-2025-1844 9.8 - Critical - March 03, 2025

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. Affected is an unknown function of the file /CDGServer3/logManagement/backupLogDetail.jsp. The manipulation of the argument logTaskId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5.6.3.154.205 – SQLi via updateorg.jsp (flowId)
CVE-2025-1840 9.8 - Critical - March 03, 2025

A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

ESAFENET CDG 5.6.3.154.205 SQLi in ClientSortLog.jsp (remote)
CVE-2025-1841 9.8 - Critical - March 03, 2025

A vulnerability classified as critical has been found in ESAFENET CDG 5.6.3.154.205. This affects an unknown part of the file /CDGServer3/logManagement/ClientSortLog.jsp. The manipulation of the argument startDate/endDate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

ESAFENET CDG 5.6.3.154_20250114: addPolicyToSafetyGroup.jsp SQLi via safetyGroupId
CVE-2025-1158 6.3 - Medium - February 10, 2025

A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114. It has been classified as critical. Affected is an unknown function of the file addPolicyToSafetyGroup.jsp. The manipulation of the argument safetyGroupId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG V5 XSS via flowId in /todolistjump.jsp
CVE-2025-0795 6.1 - Medium - January 29, 2025

A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

XSS

ESAFENET CDG V5 SQLi in /todoDetail.jsp
CVE-2025-0793 9.8 - Critical - January 29, 2025

A vulnerability has been found in ESAFENET CDG V5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /todoDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG V5 JSP XSS via curpage parameter
CVE-2025-0794 6.1 - Medium - January 29, 2025

A vulnerability was found in ESAFENET CDG V5 and classified as problematic. Affected by this issue is some unknown functionality of the file /todoDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

XSS

ESAFENET CDG V5 XSS via curpage in /doneDetail.jsp
CVE-2025-0790 6.1 - Medium - January 29, 2025

A vulnerability classified as problematic was found in ESAFENET CDG V5. This vulnerability affects unknown code of the file /doneDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

XSS

ESAFENET CDG V5: Critical SQLi via flowId in sdTodoDetail.jsp
CVE-2025-0792 9.8 - Critical - January 29, 2025

A vulnerability, which was classified as critical, was found in ESAFENET CDG V5. Affected is an unknown function of the file /sdTodoDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG V5 SQLi via flowId in /sdDoneDetail.jsp
CVE-2025-0791 9.8 - Critical - January 29, 2025

A vulnerability, which was classified as critical, has been found in ESAFENET CDG V5. This issue affects some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG V5 SQLi via id in /content_top.jsp
CVE-2025-0788 8.8 - High - January 28, 2025

A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /content_top.jsp. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG V5 - Remote SQLi via flowId in /doneDetail.jsp
CVE-2025-0789 8.8 - High - January 28, 2025

A vulnerability classified as critical has been found in ESAFENET CDG V5. This affects an unknown part of the file /doneDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG V5 XSS in /SysConfig.jsp via help param
CVE-2025-0785 6.1 - Medium - January 28, 2025

A vulnerability was found in ESAFENET CDG V5 and classified as problematic. This issue affects some unknown processing of the file /SysConfig.jsp. The manipulation of the argument help leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

XSS

ESAFENET CDG V5 XSS via curpage in /appDetail.jsp
CVE-2025-0787 5.4 - Medium - January 28, 2025

A vulnerability was found in ESAFENET CDG V5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /appDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

XSS

ESAFENET CDG V5 SQLi via appDetail.jsp FlowID
CVE-2025-0786 8.8 - High - January 28, 2025

A vulnerability was found in ESAFENET CDG V5. It has been classified as critical. Affected is an unknown function of the file /appDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG SQL Injection Vulnerability in HookService.java
CVE-2024-10660 9.8 - Critical - November 01, 2024

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function deleteHook of the file /com/esafenet/servlet/policy/HookService.java. The manipulation of the argument hookId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

Critical SQL Injection Vulnerability in ESAFENET CDG Authorize Template Service
CVE-2024-10659 9.8 - Critical - November 01, 2024

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/document/CDGAuthoriseTempletService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

ESAFENET CDG5 Remote SQLi via delSystemEncryptPolicy ID Param
CVE-2024-10613 8.8 - High - November 01, 2024

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/system/SystemEncryptPolicyService.java. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5: Critical SQLi via removeHookInvalidCourse id
CVE-2024-10612 8.8 - High - November 01, 2024

A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function removeHookInvalidCourse of the file /com/esafenet/servlet/system/HookInvalidCourseService.java. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5 SQLi via delProtocol id in Java Servlet
CVE-2024-10610 8.8 - High - November 01, 2024

A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

SQL Injection in Esafenet CDG 5 delProtocol
CVE-2024-10611 8.8 - High - November 01, 2024

A vulnerability was found in ESAFENET CDG 5 and classified as critical. This issue affects the function delProtocol of the file /com/esafenet/servlet/system/PrintScreenListService.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

SQLi in ESAFENET CDG 5: delPolicyAction Remote
CVE-2024-10597 9.8 - Critical - October 31, 2024

A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG5 SQLi via FileDirectoryService::docHistory
CVE-2024-10594 8.8 - High - October 31, 2024

A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG5: Remote SQLi in PublicDocInfoAjax
CVE-2024-10595 9.8 - Critical - October 31, 2024

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5: Critical SQLi via delEntryptptPolicySort
CVE-2024-10596 8.8 - High - October 31, 2024

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5 HookWhiteListService.sqli Remote
CVE-2024-10500 8.8 - High - October 30, 2024

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/policy/HookWhiteListService.java. The manipulation of the argument policyId leads to sql injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5 - Critical SQL Injection via getOneFileDirectory
CVE-2024-10502 8.8 - High - October 30, 2024

A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function getOneFileDirectory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument directoryId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5 - Remote SQL Injection via findById in ExamCDGDocService
CVE-2024-10501 8.8 - High - October 30, 2024

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function findById of the file /com/esafenet/servlet/document/ExamCDGDocService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

SQLi in ESAFENET CDG 5 via dataSearch.jsp id param
CVE-2024-48343 - October 25, 2024

A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an attacker to execute arbitrary code via the id parameter of the dataSearch.jsp page.

Remote SQLi via CDGRenewFileId in ESAFENET CDG 5
CVE-2024-10378 9.8 - Critical - October 25, 2024

A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The manipulation of the argument CDGRenewFileId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5 Path Traversal via /DecryptApplicationService
CVE-2024-10379 7.5 - High - October 25, 2024

A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input ../../../Windows/System32/drivers/etc/hosts leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected function has a typo and is missing an R. The vendor was contacted early about this disclosure but did not respond in any way.

Directory traversal

Esafenet CDG 5 SQLi via UniqueId in AutoSignService
CVE-2024-10376 9.8 - Critical - October 25, 2024

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects the function actionPassOrNotAutoSign of the file /com/esafenet/servlet/service/processsign/AutoSignService.java. The manipulation of the argument UniqueId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG5: Critical SQLi in DecryptApplicationService
CVE-2024-10377 9.8 - Critical - October 25, 2024

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2024-10069. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5 SQLi via userId in ReUserOrganiseService
CVE-2024-10278 9.8 - Critical - October 23, 2024

A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects an unknown part of the file /com/esafenet/servlet/user/ReUserOrganiseService.java. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5 SQLi in PrintPolicyService via policyId
CVE-2024-10279 9.8 - Critical - October 23, 2024

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects unknown code of the file /com/esafenet/servlet/policy/PrintPolicyService.java. The manipulation of the argument policyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG5 SQLi via UsbKeyAjax.java
CVE-2024-10277 9.8 - Critical - October 23, 2024

A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/ajax/UsbKeyAjax.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

Critical SQLi in ESAFENET CDG5 actionDelNetSecConfig (Remote)
CVE-2024-10135 8.8 - High - October 19, 2024

A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects the function actionDelNetSecConfig of the file /com/esafenet/servlet/netSec/NetSecConfigService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5 SQLi via connectLogout Remote
CVE-2024-10134 8.8 - High - October 19, 2024

A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is the function connectLogout of the file /com/esafenet/servlet/ajax/MultiServerAjax.java. The manipulation of the argument servername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

SQL Injection in ESAFENET CDG5 NetSecPolicyAjax (id/frontId)
CVE-2024-10133 8.8 - High - October 19, 2024

A vulnerability has been found in ESAFENET CDG 5 and classified as critical. Affected by this vulnerability is the function updateNetSecPolicyPriority of the file /com/esafenet/servlet/ajax/NetSecPolicyAjax.java. The manipulation of the argument id/frontId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG5 Critical SQLi in actionAddEncryptPolicyGroup
CVE-2024-10072 8.8 - High - October 17, 2024

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

SQL Injection via encryptPolicyId in ESAFENET CDG 5 EncryptPolicyService
CVE-2024-10071 8.8 - High - October 17, 2024

A vulnerability classified as critical was found in ESAFENET CDG 5. This vulnerability affects the function actionUpdateEncryptPolicyEdit of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument encryptPolicyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

Esafenet CDG 5 SQLi in MailDecryptApplicationService
CVE-2024-10069 8.8 - High - October 17, 2024

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function actionPassMainApplication of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG 5 Remote SQLi via actionPolicyPush (PolicyPushControlAction.java)
CVE-2024-10070 8.8 - High - October 17, 2024

A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function actionPolicyPush of the file /com/esafenet/policy/action/PolicyPushControlAction.java. The manipulation of the argument policyId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

Critical SQLi in ESAFENET CDG V5 delCatelogs
CVE-2024-9560 8.8 - High - October 06, 2024

A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

ESAFENET CDG V5 SQLi via fileId in MultiServerBackService
CVE-2024-9536 9.8 - Critical - October 05, 2024

A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the argument fileId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

ESAFENET CDG v5: SQL Injection via NavigationAjax id parameter
CVE-2024-46510 - September 30, 2024

ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface