2 matches found
CVE-2019-16894
CVE-2019-16894 concerns inoERP 4.15, where download.php is vulnerable to SQL injection via insecure deserialization. The root cause is insecure handling of serialized data in the download path, enabling an attacker to manipulate SQL queries and potentially extract or alter data. The vulnerability...
CVE-2019-16894
download.php in inoERP 4.15 allows SQL injection through insecure deserialization...