AI Score
Confidence
High
EPSS
Percentile
66.4%
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.
www.exploit-database.net/?id=101060
www.exploit-db.com/exploits/46431/
www.weberp.org