CVE-2024-5311

Publication date

2024-06-03 06:26:52

Family

twcert

State

PUBLISHED

Description

DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records.