Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service.
CPE | Name | Operator | Version |
---|---|---|---|
business_process_management | lt | 5.8.8.1 |