41 matches found
inoERP form personalization module command execution
Added: 10/28/2020 Background inoERP is an open source web based enterprise management system. Problem A vulnerability in the formpersonalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution No fix is available at...
inoERP form personalization module command execution
Added: 10/28/2020 Background inoERP is an open source web based enterprise management system. Problem A vulnerability in the formpersonalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution No fix is available at...
InoERP 0.7.2 Remote Code Execution
!/usr/bin/python -- coding: UTF-8 -- Exploit Title: InoERP 0.7.2 Unauthenticated Remote Code Execution Date: March 14, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/03/14/inoerp-ab-rce/ Software Link: https://github.com/inoerp/inoERP Version: 0.7....
InoERP 0.7.2 - Remote Code Execution (Unauthenticated)
!/usr/bin/python -- coding: UTF-8 -- Exploit Title: InoERP 0.7.2 Unauthenticated Remote Code Execution Date: March 14, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/03/14/inoerp-ab-rce/ Software Link: https://github.com/inoerp/inoERP Version: 0.7....
InoERP 0.7.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kali Linux CV...
InoERP 0.7.2 Cross Site Scripting
Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Date: 2019-09-14 Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kali Linux CVE : None...
InoERP 0.7.2 - Persistent Cross-Site Scripting
InoERP 0.7.2 - Persistent Cross-Site Scripting Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Date: 2019-09-14 Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kal...
InoERP 0.7.2 - Persistent Cross-Site Scripting
Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Date: 2019-09-14 Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kali Linux CVE : None...
CVE-2019-16894
download.php in inoERP 4.15 allows SQL injection through insecure deserialization...
CVE-2019-16894
download.php in inoERP 4.15 allows SQL injection through insecure deserialization...
Sql injection
download.php in inoERP 4.15 allows SQL injection through insecure deserialization...
CVE-2019-16894
CVE-2019-16894 concerns inoERP 4.15, where download.php is vulnerable to SQL injection via insecure deserialization. The root cause is insecure handling of serialized data in the download path, enabling an attacker to manipulate SQL queries and potentially extract or alter data. The vulnerability...
CVE-2019-16894
download.php in inoERP 4.15 allows SQL injection through insecure deserialization...
inoERP 4.15 - (download) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: inoERP 4.15 - 'download' SQL Injection Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be...
inoERP 4.15 SQL Injection
Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be deserialized as an array without any...
inoERP 4.15 - 'download' SQL Injection
Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be deserialized without any sanitization...
inoERP 4.15 - download SQL Injection
inoERP 4.15 - download SQL Injection Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be...
inoERP 0.6.1 CSRF / XSS / SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2017-01-25 === inoERP - Multiple Issues Affected Versions ================= inoERP 0.6.1 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site Scripting, Cross Site Request Forgery, Session...
inoERP 0.6.1 - Multiple Vulnerabilities
inoERP version 0.6.1 suffers from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities. inoERP - Multiple Issues Affected Versions ================= inoERP 0.6.1 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site...
inoERP 0.6.1 - Cross-Site Scripting Cross-Site Request Forgery SQL Injection Session Fixation
inoERP 0.6.1 - Cross-Site Scripting Cross-Site Request Forgery SQL Injection Session Fixation === FOXMOLE - Security Advisory 2017-01-25 === inoERP - Multiple Issues Affected Versions ================= inoERP 0.6.1 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site...