Lucene search
K

41 matches found

Saint
Saint
added 2020/10/28 12:0 a.m.121 views

inoERP form personalization module command execution

Added: 10/28/2020 Background inoERP is an open source web based enterprise management system. Problem A vulnerability in the formpersonalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution No fix is available at...

8.2AI score
Exploits0
Saint
Saint
added 2020/10/28 12:0 a.m.36 views

inoERP form personalization module command execution

Added: 10/28/2020 Background inoERP is an open source web based enterprise management system. Problem A vulnerability in the formpersonalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution No fix is available at...

8.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/26 12:0 a.m.428 views

InoERP 0.7.2 Remote Code Execution

!/usr/bin/python -- coding: UTF-8 -- Exploit Title: InoERP 0.7.2 Unauthenticated Remote Code Execution Date: March 14, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/03/14/inoerp-ab-rce/ Software Link: https://github.com/inoerp/inoERP Version: 0.7....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/26 12:0 a.m.335 views

InoERP 0.7.2 - Remote Code Execution (Unauthenticated)

!/usr/bin/python -- coding: UTF-8 -- Exploit Title: InoERP 0.7.2 Unauthenticated Remote Code Execution Date: March 14, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/03/14/inoerp-ab-rce/ Software Link: https://github.com/inoerp/inoERP Version: 0.7....

7.4AI score
Exploits0
0day.today
0day.today
added 2019/09/30 12:0 a.m.52 views

InoERP 0.7.2 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kali Linux CV...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/27 12:0 a.m.122 views

InoERP 0.7.2 Cross Site Scripting

Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Date: 2019-09-14 Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kali Linux CVE : None...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2019/09/27 12:0 a.m.26 views

InoERP 0.7.2 - Persistent Cross-Site Scripting

InoERP 0.7.2 - Persistent Cross-Site Scripting Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Date: 2019-09-14 Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kal...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/27 12:0 a.m.243 views

InoERP 0.7.2 - Persistent Cross-Site Scripting

Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Date: 2019-09-14 Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kali Linux CVE : None...

7.4AI score
Exploits0
NVD
NVD
added 2019/09/26 4:15 p.m.13 views

CVE-2019-16894

download.php in inoERP 4.15 allows SQL injection through insecure deserialization...

9.8CVSS9.9AI score0.03022EPSS
Exploits1References1
OSV
OSV
added 2019/09/26 4:15 p.m.2 views

CVE-2019-16894

download.php in inoERP 4.15 allows SQL injection through insecure deserialization...

9.8CVSS7.3AI score0.03022EPSS
Exploits1References1
Prion
Prion
added 2019/09/26 4:15 p.m.14 views

Sql injection

download.php in inoERP 4.15 allows SQL injection through insecure deserialization...

7.5CVSS9.8AI score0.03022EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/09/26 2:34 p.m.83 views

CVE-2019-16894

CVE-2019-16894 concerns inoERP 4.15, where download.php is vulnerable to SQL injection via insecure deserialization. The root cause is insecure handling of serialized data in the download path, enabling an attacker to manipulate SQL queries and potentially extract or alter data. The vulnerability...

9.8CVSS9.8AI score0.03022EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/26 2:34 p.m.20 views

CVE-2019-16894

download.php in inoERP 4.15 allows SQL injection through insecure deserialization...

9.9AI score0.03022EPSS
Exploits1References1
0day.today
0day.today
added 2019/09/26 12:0 a.m.80 views

inoERP 4.15 - (download) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: inoERP 4.15 - 'download' SQL Injection Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/26 12:0 a.m.142 views

inoERP 4.15 SQL Injection

Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be deserialized as an array without any...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2019/09/26 12:0 a.m.212 views

inoERP 4.15 - 'download' SQL Injection

Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be deserialized without any sanitization...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2019/09/26 12:0 a.m.32 views

inoERP 4.15 - download SQL Injection

inoERP 4.15 - download SQL Injection Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2017/03/27 12:0 a.m.68 views

inoERP 0.6.1 CSRF / XSS / SQL Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2017-01-25 === inoERP - Multiple Issues Affected Versions ================= inoERP 0.6.1 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site Scripting, Cross Site Request Forgery, Session...

0.3AI score
Exploits0
0day.today
0day.today
added 2017/03/27 12:0 a.m.29 views

inoERP 0.6.1 - Multiple Vulnerabilities

inoERP version 0.6.1 suffers from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities. inoERP - Multiple Issues Affected Versions ================= inoERP 0.6.1 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site...

8.1AI score
Exploits0
exploitpack
exploitpack
added 2017/03/27 12:0 a.m.15 views

inoERP 0.6.1 - Cross-Site Scripting Cross-Site Request Forgery SQL Injection Session Fixation

inoERP 0.6.1 - Cross-Site Scripting Cross-Site Request Forgery SQL Injection Session Fixation === FOXMOLE - Security Advisory 2017-01-25 === inoERP - Multiple Issues Affected Versions ================= inoERP 0.6.1 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site...

0.4AI score
Exploits0
Rows per page
Query Builder