CVE-2026-5963 CRITICAL

CVE-2026-5963: Digiwin|EasyFlow .NET - SQL Injection

Vendor Digiwin
Product EasyFlow .NET
Weakness CWE-89 · SQLi
Published April 20, 2026
Last update April 20, 2026
View on NVD All CVEs

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Key dates

02Disclosure timeline

April 20, 2026 CVE published
April 20, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-2674 PHPGurukul Bank Locker Management System aboutus.php sql injection CVE-2023-1379 SourceCodester Friendly Island Pizza Website and Ordering System POST Parameter addmem.php sql injection CVE-2025-46337 SQL injection in ADOdb PostgreSQL driver pg_insert_id() method CVE-2026-5552 PHPGurukul Online Shopping Portal Project Parameter sub-category.php sql injection CVE-2024-0610 Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Unauthenticated SQL Injection