CVE-2024-5311

Summary

DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records.

Affected Software

VendorProductVersion RangeStatus
DigiWinEasyFlow .NET5.xaffected
DigiWinEasyFlow .NET6.1.xaffected
DigiWinEasyFlow .NET6.6.x < 6.6.16affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References