CVE-2025-12503
- EPSS 0.05%
- Veröffentlicht 03.11.2025 06:51:55
- Zuletzt bearbeitet 04.11.2025 15:41:31
EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVE-2025-11949
- EPSS 0.1%
- Veröffentlicht 21.10.2025 06:49:56
- Zuletzt bearbeitet 21.10.2025 19:31:25
EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality.
CVE-2024-7323
- EPSS 0.36%
- Veröffentlicht 02.08.2024 11:16:44
- Zuletzt bearbeitet 11.09.2024 14:22:46
Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remo...
CVE-2024-5311
- EPSS 0.69%
- Veröffentlicht 03.06.2024 07:15:10
- Zuletzt bearbeitet 21.11.2024 09:47:24
DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records.
CVE-2024-4893
- EPSS 0.59%
- Veröffentlicht 15.05.2024 03:15:14
- Zuletzt bearbeitet 21.11.2024 09:43:48
DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system co...