Fortra disclosed a critical-severity SQL injection flaw in FileCatalyst Workflow, and researchers have also published a proof-of-concept exploit code for the bug.