St. Joe ERP system - SQL Injection
A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into...
Apache OFBiz Path Traversal Vulnerability
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a path traversal vulnerability. This vulnerability was due to imprope...
Apache OFBiz Injection Vulnerability
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a vulnerability related to injections. This vulnerability stemmed from...
Apache OFBiz Cross-Site Scripting Vulnerability
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had a cross-site scripting vulnerability; this vulnerability was due to imprope...
CVE-2026-34256
Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is subsequently executed...
production_ssm Security Vulnerability
production_ssm is an ERP system developed by MegaGao’s individual developers, utilizing technologies such as Spring+SpringMVC+Mybatis, along with jQuery EasyUI. Version 1.0 of production_ssm contains a security vulnerability. This vulnerability stems from the authorization bypass that occurs when...
CVE-2018-25174
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to configurarperfil.php. Attackers can craft malicious forms or links containing parameters like usuario, contrasena1, contrasena2, nombre, and...
CVE-2019-25440
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...
CVE-2026-2998
The CVE-2026-2998 entry concerns the ERP product developed by eAI Technologies and describes a DLL Hijacking vulnerability. According to the provided documents, an authenticated local attacker can place a crafted DLL file in the same directory as the ERP executable, leading to arbitrary code exec...
EUVD-2025-199651
An issue was discovered in jishenghua JSHERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks...
CVE-2025-13168
A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overridedpastorderlist of the file ury/ury/api/posextend.py. This manipulation of the argument searchterm causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...
EUVD-2022-42545
Malicious code in bioql PyPI...
EUVD-2025-6678
Malicious code in bioql PyPI...
EUVD-2021-31677
Malicious code in bioql PyPI...
EUVD-2021-31676
Malicious code in bioql PyPI...
EUVD-2021-31678
Malicious code in bioql PyPI...
CVE-2025-58439 ERP: Possibility of SQL injection due to missing validation
ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15.0.0 through 15.75.1, lack of validation of parameters left certain endpoints vulnerable to error-based SQL Injection. Some information like version could be retrieved. This issue is fixed in versions...
CVE-2025-29267
SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP build v.PreBeta250F allows a remote attacker to obtain sensitive information via the cid parameter in the GET request...
SQL Injection Vulnerability in UFIDA NC65 of UFIDA Network Technology Co.
UFIDA NC65 is a group-level ERP system for medium and large enterprises. A SQL injection vulnerability exists in UFIDA NC65, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in the ERP System of Shanghai Qiwang Information Technology Co., Ltd.
Shanghai Qiwang Information Technology Co., Ltd. is a company that specializes in providing high-end intelligent manufacturing management solutions for the packaging and printing industry. The Shanghai Qiwang Information Technology Co., Ltd. ERP system suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...