Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

📄 Fortra FileCatalyst Workflow 5.1.6 Build 135 SQL Injection

Fortra FileCatalyst Workflow version 5.1.6 Build 135 remote SQL injection proof of concept exploit. ============================================================================================================================================= | Title : Fortra FileCatalyst Workflow v5.1.6 Build 135...

VulnCheck KEV: CVE-2024-5276

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

EUVD-2025-25201

Malicious code in bioql PyPI...

EUVD-2024-22493

Malicious code in bioql PyPI...

EUVD-2024-46511

Malicious code in bioql PyPI...

EUVD-2024-47692

Malicious code in bioql PyPI...

EUVD-2024-22492

Malicious code in bioql PyPI...

Fortra FileCatalyst 5.1.6 < 5.2.0 build 130 Unrestricted File Upload (fi-2025-010)

The version of Fortra FileCatalyst Workflow running on the remote host is 5.1.6 prior to 5.2.0 build 130. It is, therefore, is affected by a unrestricted file upload vulnerability as referenced in fi-2025-010 advisory. - Improper Access Control issue in the Workflow component of Fortra's...

CVE-2025-8450

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

CVE-2025-8450 Unrestricted File Upload in FileCatalyst

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

CVE-2025-8450 Unrestricted File Upload in FileCatalyst

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

CVE-2025-8450

The CVE-2025-8450 entry concerns Fortra FileCatalyst Workflow. The vulnerability arises from an Improper Access Control issue in the Workflow component that allows unauthenticated users to upload arbitrary files via the order forms page. Documents consistently identify this as an unrestricted fil...

PT-2025-33838 · Fortra · Fortra Filecatalyst

Name of the Vulnerable Software and Affected Versions: Fortra FileCatalyst versions affected versions not specified Description: An improper access control issue exists in the Workflow component of Fortra FileCatalyst. This allows unauthenticated users to upload arbitrary files via the order form...

Fortra FileCatalyst Workflow 安全漏洞

Fortra FileCatalyst Workflow is a file transfer management component from US-based Fortra. A security vulnerability exists in Fortra FileCatalyst Workflow that stems from improper access control and could allow an unauthenticated user to upload arbitrary files...

CVE-2024-25154

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

Fortra FileCatalyst Workflow 5.1.6 Build 135 SQL Injection

Fortra FileCatalyst Workflow version 5.1.6 build 135 remote SQL injection exploit. ============================================================================================================================================= | Title : Fortra FileCatalyst Workflow v5.1.6 Build 135 PHP Code Injecti...

CVE-2024-25155

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...

CVE-2024-25153

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially craft...

CVE-2024-5275

A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle MiTM attack against users of the...