CVE-2026-5964
CriticalSummary
EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
Risk Assessment
This vulnerability poses a serious threat to the integrity and confidentiality of data within the organization, allowing attackers to manipulate database content.
Recommendation
It is recommended to update EasyFlow .NET to the latest version and implement security measures against SQL Injection, such as using parameters in SQL queries.
Original NVD description (English source)
EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

