Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...
Fortra FileCatalyst Workflow 5.1.6 Build 135 SQL Injection
Fortra FileCatalyst Workflow version 5.1.6 Build 135 remote SQL injection proof of concept exploit. Title: Fortra FileCatalyst Workflow v5.1.6 Build 135...
VulnCheck KEV: CVE-2024-5276
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...
EUVD-2025-25201
Malicious code in bioql PyPI...
EUVD-2024-47692
Malicious code in bioql PyPI...
Fortra FileCatalyst 5.1.6 < 5.2.0 build 130 Unrestricted File Upload (fi-2025-010)
The version of Fortra FileCatalyst Workflow running on the remote host is 5.1.6 prior to 5.2.0 build 130. It is, therefore, affected by an unrestricted file upload vulnerability as referenced in the fi-2025-010 advisory. - Improper Access Control issue in the Workflow component of Fortra's...
CVE-2025-8450
The CVE-2025-8450 entry concerns Fortra FileCatalyst Workflow. The vulnerability arises from an Improper Access Control issue in the Workflow component that allows unauthenticated users to upload arbitrary files via the order forms page. Documents consistently identify this as an unrestricted fil...
Fortra FileCatalyst Workflow Security Vulnerability
Fortra FileCatalyst Workflow is a file transfer management component from US-based Fortra. A security vulnerability exists in Fortra FileCatalyst Workflow that stems from improper access control and could allow an unauthenticated user to upload arbitrary files...
CVE-2024-25153
A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially craft...
CVE-2024-6632
A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...
CVE-2024-6633
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...
Fortra FileCatalyst Workflow HSQLDB Static Password (CVE-2024-6633)
Binary data fortrafilecatalystworkflowcve-2024-6633.nbin...
Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability
Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL databas...
CVE-2024-6632 SQL Injection in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)
A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...
CVE-2024-6632
CVE-2024-6632 is a SQL injection vulnerability in FileCatalyst Workflow (versions 5.1.6 and earlier) exploitable via a field accessible to the super admin, leading to potential loss of confidentiality, integrity, and availability. Root cause: insufficient input validation in a form submission dur...
CVE-2024-6633 Insecure Default in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...
CVE-2024-6633
CVE-2024-6633 affects FileCatalyst Workflow prior to 5.1.7 where the setup HSQLDB uses default credentials. The issue stems from a publicly published default password that enables remote access to the HSQLDB (default TCP port 4406), potentially allowing an attacker to gain admin privileges and ac...