CVE-2018-25392
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...