Digiwin

digiwin

6 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Business Process Management

business_process_management

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-5964 1Digiwin 1Easyflow .net May 12, 2026 Apr 20, 2026 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2026-5963 1Digiwin 1Easyflow .net May 12, 2026 Apr 20, 2026 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2024-7323 1Digiwin 1Easyflow .net Sep 11, 2024 Aug 2, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download...Show more Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server .Show less
CVE-2022-32458 1Digiwin 1Business Process Management Nov 21, 2024 Jul 20, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files.
CVE-2022-32457 1Digiwin 1Business Process Management Nov 21, 2024 Jul 20, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.
CVE-2022-32456 1Digiwin 1Business Process Management Nov 21, 2024 Jul 20, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service.