THREATINT


PUBLISHED

CVE-2024-4893

DigiWin EasyFlow .NET - SQL Injection

Reserved: 2024-05-15
Published: 2024-05-15
Updated: 2024-05-24

Description

DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system commands.



CRITICAL: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status: unaffected

3.x: affected
5.x: affected
6.1.x: affected
6.6.x before v6.6.15: affected

References

https://www.twcert.org.tw/tw/cp-132-7800-843f1-1.html third-party-advisory

https://www.twcert.org.tw/en/cp-139-7801-67d07-2.html third-party-advisory

cve.org CVE-2024-4893

nvd.nist.gov CVE-2024-4893
