Pjez-Qestit

**Name of the Vulnerable Software and Affected Versions** Umbraco Workflow versions prior to 10.3.9 Umbraco Workflow versions prior to 12.2.6 Umbraco Workflow versions prior to 13.0.6 **Description** The issue allows an Umbraco Backoffice user to modify requests to a particular API endpoint to include SQL, which will be executed by the server. This enables the execution of arbitrary SQL. **Recommendations** For Umbraco Workflow versions prior to 10.3.9, update to version 10.3.9 or later. For Umbraco Workflow versions prior to 12.2.6, update to version 12.2.6 or later. For Umbraco Workflow versions prior to 13.0.6, update to version 13.0.6 or later.