CVE-2022-32456

Publication date

2022-07-20 02:00:37

Family

twcert

State

PUBLISHED

Description

Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service.