A SQL injection vulnerability in Fortra FileCatalyst Workflow versions 5.1.6 build 135 and earlier allows remote attackers, including anonymous ones, to exploit a SQL injection via the JOBID parameter. This could lead to unauthorized SQL commands execution such as table deletion or admin user creation. This module without authentication creates an administrative user, proceeds to authenticate with this newly created user to assess if the system is vulnerable. This module does not install an agent but instead creates an administrator user for FileCatalyst.s
CVE Link
Exploit Platform
Product Name