| TVN ID | TVN-202406001 |
|---|---|
| CVE ID | CVE-2024-5311 |
| CVSS | 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | EasyFlow .NET V5.x, V6.1.x, V6.6.x |
| Description | DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records. |
| Solution | Install patch for V5.x and V6.1.x (released on 2024/02/01 or later).Update V6.6.x to V6.6.16 or later version. |
| Credit | Cyku Hong(DEVCORE) |
| Public Date | 2024-06-03 |
:::