We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE

PUBLISHED

CVE-2024-4893

DigiWin EasyFlow .NET - SQL Injection

Assigner	twcert
Reserved	2024-05-15
Published	2024-05-15
Updated	2024-06-04

Description

DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system commands.

CRITICAL: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

unaffected

3.x

affected

5.x

affected

6.1.x

affected

6.6.x before v6.6.15

affected

References

https://www.twcert.org.tw/tw/cp-132-7800-843f1-1.html third-party-advisory

https://www.twcert.org.tw/en/cp-139-7801-67d07-2.html third-party-advisory

cve.org CVE-2024-4893

nvd.nist.gov CVE-2024-4893

Download JSON

https://cve.threatint.com/CVE/CVE-2024-4893

Find us on

Data Privacy
Terms of Use

© Copyright 2024 THREATINT. Made in Cyprus with ❤ + ☼