SQL Injection Vulnerability in EasyFlow .NET Exposes Databases to Attackers
Severity: High (Score: 61.5)
Sources: vulnerability.circl.lu, db.gcve.eu
Summary
EasyFlow .NET, developed by Digiwin, has been found to contain a SQL Injection vulnerability. This flaw allows unauthenticated remote attackers to inject arbitrary SQL commands, which can lead to unauthorized access, modification, and deletion of database contents. The vulnerability affects all instances of EasyFlow .NET that are not properly secured. Detection rules for identifying this vulnerability are available from Rulezet. As of today, there are no reports of active exploitation, but the potential for significant data breaches exists. Organizations using EasyFlow .NET are advised to assess their systems for this vulnerability. No specific CVE has been assigned yet, but the threat is considered serious due to the nature of SQL Injection attacks.
Key Points
- EasyFlow .NET has a critical SQL Injection vulnerability allowing remote database access.
- Unauthenticated attackers can exploit this flaw to manipulate database contents.
- Detection rules are available from Rulezet for identifying the vulnerability.
Key Entities
- SQL Injection (attack_type)
- CWE-89 - SQL Injection (cwe)
- T1190 - Exploit Public-Facing Application (mitre_attack)
- EasyFlow .NET (platform)