DigiWin EasyFlow .NET lacks validation for certain input...
Critical severity
Unreviewed
Published
Jun 3, 2024
to the GitHub Advisory Database
Description
Published by the National Vulnerability Database
Jun 3, 2024
Published to the GitHub Advisory Database
Jun 3, 2024
DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records.
References