
TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


Thinking Software Efence - SQL injection

TVN ID: TVN-202306004
CVE ID: CVE-2023-32754
CVSS: 9.8 (Critical), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: Efence 1.2.59 DB.ver 36
Description: The login function of Thinking Software Efence has insufficient validation of user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete the database.
Solution: Update Efence to version 1.2.59 DB.ver 41
Credit: 潘予德、何雨蓁 (華電聯網)
Public Date: 2023-06-16