Digiwin|SFT – SQL Injection

July 21, 2025 invoker category_cve

CVE Details

Basic Information

Title Digiwin|SFT – SQL Injection
Type cve
Published 2025-07-21T06:48:18.831Z
Modified 2025-07-21T07:00:09.073Z

Product Information

Vendor Digiwin
Product SFT
Version 0

CVSS Information

Base Score 9.3 (CRITICAL)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

AI Analysis

AI Description A SQL Injection vulnerability in Digiwin’s SFT allows unauthenticated attackers to inject arbitrary SQL commands, potentially enabling unauthorized access, modification, or deletion of database contents.
AI Severity Critical
AI Vendor Digiwin
AI Product SFT
AI Version Version not specified

Affected Products

  • Digiwin SFT 0

Additional Information

CWE List CWE-89
Source twcert

Description

The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.