CNNVD-202511-095 Information
CNNVD ID
CNNVD-202511-095
Related CVE
- CNNVD Published: 2025-11-03
Description (Chinese)
Digiwin EasyFlow .NET和Digiwin EasyFlow AiNet都是中国鼎新(Digiwin)公司的产品。Digiwin EasyFlow .NET是一款企业级工作流程管理(Workflow Management)平台。Digiwin EasyFlow AiNet是一个业务流程自动化平台。 Digiwin EasyFlow .NET和Digiwin EasyFlow AiNet存在SQL注入漏洞,该漏洞源于允许经过身份验证的远程攻击者注入任意SQL命令,可能导致读取数据库内容。
Description (English)
Digiwin EASYFlow.NET and Digiwin EASYFlow AiNet are products of the Chinese company Digiwin. Digiwin EASYFlow.NET is an enterprise-level workflow management (Workflow Management) platform. Digiwin EASYFlow AiNet is a business process automation platform. Digiwin EasyFlow.NET and Digiwin EasyFlow AiNet have an injection loophole in SQL, which stems from allowing a remote, identified assailant to inject any SQL order, which may lead to access to the database content.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
鼎新
Published
2025-11-03
Last Modified
2026-02-24
References
https://www.twcert.org.tw/en/cp-139-10476-c8448-2.html https://www.twcert.org.tw/tw/cp-132-10475-01c6d-1.html
Share on: