Fortra Patches Critical SQL Injection in FileCatalyst Workflow

June 28, 2024 at 07:12AM

Fortra released patches for a critical SQL injection vulnerability (CVE-2024-5276, CVSS 9.8) in FileCatalyst Workflow version 5.1.6 Build 135 and earlier. The flaw could be exploited to create administrative user accounts and modify application data. Tenable identified the issue and published PoC code for exploiting it. Fortra addressed the vulnerability in version 5.1.6 …

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

March 18, 2024 at 10:09AM

Fortra disclosed a critical security flaw in its FileCatalyst solution allowing unauthenticated attackers to achieve remote code execution by bypassing restrictions on file uploads. Tracked as CVE-2024-25153, the flaw received a CVSS score of 9.8 and was patched in FileCatalyst Workflow version 5.1.6 Build 114. Other vulnerabilities, CVE-2024-25154 and CVE-2024-25155, …

PoC Published for Critical Fortra Code Execution Vulnerability

March 18, 2024 at 06:45AM

PoC code is available for a critical vulnerability (CVE-2024-25153, CVSS score 9.8) in Fortra FileCatalyst Workflow. Attackers can execute arbitrary code through a directory traversal bug in the ‘ftpservlet’ component, potentially leading to web shell execution. SOCRadar warns of threat actor exploitation and advises prompt system updates. Additional details …