CVE-2022-32456

CRITICAL

Digiwin Business Process Management < 5.8.8.1 - Unauthenticated SQL Injection

Title source: llm
STIX 2.1

Description

Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-6286-3030a-1.html

Scores

CVSS v3 9.8
EPSS 0.0132
EPSS Percentile 67.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
digiwin/business_process_management < 5.8.8.1
Published Jul 20, 2022
Tracked Since Feb 18, 2026