Unknown · Archibus Web Central · CVE-2022-28862
**Name of the Vulnerable Software and Affected Versions**
Archibus Web Central versions prior to 26.2
**Description**
The issue allows for SQL Injection vulnerabilities in the "dwr/call/plaincall/workflow.runWorkflowRule.dwr" endpoint. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized operations against the remote database.
**Recommendations**
For versions prior to 26.2, update to version 26.2 or a more recent version to resolve the issue. As a temporary workaround, consider restricting access to the "dwr/call/plaincall/workflow.runWorkflowRule.dwr" endpoint until a patch is applied.