CVSS Vector (NVD)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
Analysis (AI)
Critical SQL injection in Digiwin EasyFlow .NET allows unauthenticated remote attackers to execute arbitrary SQL commands against the application database. With a maximum CVSS 4.0 score of 9.3 and a network-accessible attack vector requiring no privileges or user interaction, this vulnerability enables complete database compromise. …
Remediation (AI)
Within 24 hours: Identify all internal instances of Digiwin EasyFlow .NET and document versions currently deployed; isolate affected systems from external networks if possible pending patch availability. Within 7 days: Contact Digiwin for patch timeline and interim security guidance; implement network-level restrictions (IP whitelisting, WAF rules targeting SQL injection patterns) to limit attack surface. …
EUVD-2026-23797
GHSA-q2rh-xrfv-8x3m