A SQL injection vulnerability in Fortra FileCatalyst Workflow versions 5.1.6 build 135 and earlier allows remote attackers, including anonymous ones, to exploit a SQL injection via the JOBID parameter.
This could lead to unauthorized SQL commands execution such as table deletion or admin user creation. This module without authentication creates an administrative user, proceeds to authenticate with this newly created user to assess if the system is vulnerable.
This could lead to unauthorized SQL commands execution such as table deletion or admin user creation. This module without authentication creates an administrative user, proceeds to authenticate with this newly created user to assess if the system is vulnerable.
CVE Link
Exploit Platform
Product Name