
Fortra Patches Critical SQL Injection in FileCatalyst Workflow

Fortra has patched a critical-severity vulnerability in FileCatalyst Workflow that could allow attackers to create administrator accounts.

Fortra this week announced patches for a critical-severity SQL injection vulnerability in FileCatalyst Workflow that could allow attackers to create administrative user accounts.

Tracked as CVE-2024-5276 (CVSS score of 9.8) and affecting FileCatalyst Workflow version 5.1.6 Build 135 and earlier, the issue could also be exploited to modify application data, Fortra noted in an advisory.

“Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required,” the company explained.

According to cybersecurity company Tenable, which identified the security defect, CVE-2024-5276 exists because a user-supplied jobID is used when forming the ‘Where’ clause in an SQL query.

“An anonymous remote attacker can perform SQLi via the jobID parameter in various URL endpoints of the workflow web application,” Tenable said.

The cybersecurity firm also published proof-of-concept (PoC) code that triggers the SQL injection, creates a new administrative account with the password set to ‘password123’, and allows a remote attacker to log in to the newly created account.
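The advisory describes the flaw class precisely: a request parameter (jobID) is concatenated into the WHERE clause of a SQL statement, so an attacker controls the condition that decides which rows a query touches. The following Python/SQLite example is added here to illustrate that class; it is not FileCatalyst code and not Tenable's proof of concept. The table, the job data, and the `cancel_job_*` functions are constructed for the demonstration. It models the "modify application data" outcome the advisory mentions (a WHERE-clause break-out that updates every row) rather than account creation, and shows the hardened form beside it: validate the identifier as an integer and bind it as a query parameter.

```python
import sqlite3

# Constructed sample data (not from FileCatalyst): three workflow jobs, two owners.
SAMPLE_JOBS = [
    (101, "alice", "pending"),
    (102, "alice", "pending"),
    (103, "bob", "pending"),
]


def fresh_db():
    """Build an in-memory jobs table seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE jobs (job_id INTEGER PRIMARY KEY, owner TEXT, status TEXT)"
    )
    conn.executemany("INSERT INTO jobs VALUES (?, ?, ?)", SAMPLE_JOBS)
    conn.commit()
    return conn


def cancel_job_vulnerable(conn, owner, job_id):
    """Hypothetical vulnerable pattern: the request's jobID is spliced straight
    into the WHERE clause. Returns the number of rows the UPDATE touched."""
    sql = (
        "UPDATE jobs SET status = 'cancelled' "
        f"WHERE owner = '{owner}' AND job_id = '{job_id}'"
    )
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def cancel_job_fixed(conn, owner, job_id):
    """Hardened form: jobID must be a decimal integer and is bound as a
    parameter, so it can never change the shape of the WHERE clause."""
    if not isinstance(job_id, str) or not job_id.isdigit():
        raise ValueError("jobID must be a decimal integer")
    cur = conn.execute(
        "UPDATE jobs SET status = 'cancelled' WHERE owner = ? AND job_id = ?",
        (owner, int(job_id)),
    )
    conn.commit()
    return cur.rowcount


def statuses(conn):
    """Snapshot of job_id -> status, used to see what each version changed."""
    return dict(conn.execute("SELECT job_id, status FROM jobs ORDER BY job_id"))


def demo():
    """Run the same injected jobID through both versions.

    The payload turns the vulnerable condition into
      (owner = 'alice' AND job_id = '') OR '1'='1'
    which matches every row, including bob's job. The fixed version rejects
    the payload before any SQL runs."""
    payload = "' OR '1'='1"

    vuln_conn = fresh_db()
    changed_by_injection = cancel_job_vulnerable(vuln_conn, "alice", payload)

    fixed_conn = fresh_db()
    try:
        cancel_job_fixed(fixed_conn, "alice", payload)
        rejected = False
    except ValueError:
        rejected = True

    return changed_by_injection, statuses(vuln_conn), rejected, statuses(fixed_conn)


if __name__ == "__main__":
    changed, after_vuln, rejected, after_fixed = demo()
    print("vulnerable: rows changed by injected jobID =", changed, after_vuln)
    print("fixed: payload rejected =", rejected, after_fixed)
```

Two practical points follow from the example. First, the injection needs no stacked statements and no data exfiltration to be damaging: rewriting the WHERE condition alone is enough to modify rows the caller should never reach, which is consistent with the advisory's "modify application data" wording. Second, the fix is not escaping but type discipline plus parameter binding; an identifier that must be an integer should be rejected before it ever reaches the database driver.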


An enterprise software solution for transferring large files across global networks, FileCatalyst relies on the UDP protocol for fast transfers and integrates with popular cloud storage services. FileCatalyst Workflow is the solution’s web portal component, enabling users to share, track, and modify files.

Fortra addressed the vulnerability in FileCatalyst Workflow version 5.1.6 build 139. Users are advised to update their instances as soon as possible, as Fortra's file transfer products have been targeted in malicious attacks before.

In January last year, hackers associated with the Cl0p ransomware operation exploited a zero-day vulnerability in the company’s GoAnywhere managed file transfer (MFT) software, stealing data belonging to dozens of organizations.


Written by Ionut Arghire, an international correspondent for SecurityWeek.
