Free Trial

CVE-2024-5311 : DIGIWIN EASYFLOW .NET UP TO 5.X/6.1X/6.6.15 INPUT SQL INJECTION

Description

DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records.

References

https://www.twcert.org.tw/tw/cp-132-7844-52dad-1.html

For More Information

CVERecord

Common Vulnerabilityies and Exposures

CVE-2024-5311 : DIGIWIN EASYFLOW .NET UP TO 5.X/6.1X/6.6.15 INPUT SQL INJECTION
CVE-2024-5311 : DIGIWIN EASYFLOW .NET UP TO 5.X/6.1X/6.6.15 INPUT SQL INJECTION

Contact us to get started

CVE-2024-33368 : PLASMOAPP RPSHARE FABRIC MOD 1.0.0 DOWNLOADPROMPTSCREEN BUILD OS COMMAND INJECTION

CVE-2024-33368 : PLASMOAPP RPSHARE FABRIC MOD 1.0.0 DOWNLOADPROMPTSCREEN BUILD OS COMMAND INJECTION

Description An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build

Learn more
CVE-2024-39275 : ADVANTECH ADAM-5630 UP TO 2.5.1 PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION

CVE-2024-39275 : ADVANTECH ADAM-5630 UP TO 2.5.1 PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION

Description Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with

Learn more
CVE-2024-46257 : NGINXPROXYMANAGER 2.11.3 REQUESTLETSENCRYPTSSLWITHDNSCHALLENGE COMMAND INJECTION

CVE-2024-46257 : NGINXPROXYMANAGER 2.11.3 REQUESTLETSENCRYPTSSLWITHDNSCHALLENGE COMMAND INJECTION

Description A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add

Learn more