CVE-2022-32456

Summary

Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service.

Affected Software

VendorProductVersion RangeStatus
Data Systems Consulting Co., Ltd.BPMunspecified <= 5.8.6.1affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References