6 matches found
CVE-2025-13168
A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overridedpastorderlist of the file ury/ury/api/posextend.py. This manipulation of the argument searchterm causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...
CVE-2025-13168
A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overridedpastorderlist of the file ury/ury/api/posextend.py. This manipulation of the argument searchterm causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...
CVE-2025-13168 ury-erp ury pos_extend.py overrided_past_order_list sql injection
A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overridedpastorderlist of the file ury/ury/api/posextend.py. This manipulation of the argument searchterm causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...
CVE-2025-13168 ury-erp ury pos_extend.py overrided_past_order_list sql injection
A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overridedpastorderlist of the file ury/ury/api/posextend.py. This manipulation of the argument searchterm causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...
CVE-2025-13168
Summary : CVE-2025-13168 affects the ury-erp component “ury” up to version 0.2.0. The vulnerability stems from the function overrided_past_order_list in file ury/ury/api/pos_extend.py where improper handling of the search_term argument enables an SQL injection. This allows remote exploitation, an...
PT-2025-46957
Name of the Vulnerable Software and Affected Versions ury-erp ury versions up to 0.2.0 Description A weakness exists in ury-erp ury that allows for SQL injection. This issue is related to the manipulation of the search term argument within the overrided past order list function located in the fil...