23 matches found
PT-2026-44870
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log activity function. Attackers can send POST requests to /index.php/user/log activity with malicious SQL code ...
CVE-2025-9339
An SQL injection vulnerability in the fields of the warehouse document filtering form in SIMPLE.ERP software allows a logged-in user to inject a malicious query. Potential exploitation is limited by the 20-character limit in form fields. The identified use case allows deleting tables with a name of maximum 6...
File Upload Vulnerability in UFIDA U8+ at UFIDA Network Technology Co.
UFIDA U8+ is a complete enterprise-level ERP software. A file upload vulnerability exists in UFIDA U8+, which can be exploited by attackers to upload malicious files and gain server privileges...
Zucchetti Ad Hoc Infinity Cross-Site Scripting Vulnerability
Zucchetti Ad Hoc Infinity is an ERP software from Zucchetti. A cross-site scripting vulnerability exists in Zucchetti Ad Hoc Infinity version 2.4, which originates from cross-site scripting in the /servlet/gsdmfsavehtmltmp and /servlet/gsdmbtlkopenfile components and could lead to remote code...
Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal
Enterprise Resource Planning (ERP) software is at the heart of many enterprises, supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critic...
Cups Easy cross-site scripting vulnerability (CNVD-2024-11132)
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the currencyid parameter on the /cupseasylive/currencymodify.php page. An attacker coul...
FacturaScripts Cross-Site Scripting Vulnerability (CNVD-2022-76230)
FacturaScripts is an ERP software. A cross-site scripting vulnerability exists in versions prior to FacturaScripts 2022.07, which can be exploited by attackers to execute arbitrary JavaScript code, steal user cookies, execute HTTP requests, obtain "same-origin" page content, etc...
GHSA-8WP2-VXPG-XCVP Cross site scripting in facturascripts
facturascripts is an open source ERP software. Stored XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can...
SAP Business One Information Disclosure Vulnerability (CNVD-2022-58469)
SAP Business One is a scalable ERP software from SAP that can help small businesses take greater control of themselves and streamline processes. The vulnerability can be exploited to obtain valuable guidance or public sensitive user information...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2021-39954)
Oracle E-Business Suite is an expansion of the original Application ERP: a collection of management software including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management) and so on, seamlessly integrated with a management...
Huaxia ERP suffers from SQL injection vulnerability (CNVD-2021-28476)
Huaxia ERP is based on the SpringBoot framework and a SaaS model, and provides open source ERP software for small and medium-sized enterprises, currently focusing on sales and marketing inventory + financial + production functions. Huaxia ERP has a SQL injection vulnerability, which can be exploited by...
Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now
The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning ERP system. Tracked as CVE-2021-26295, the flaw affects all versions of t...
Kingdee KIS Professional Edition has a privilege escalation vulnerability
Kingdee KIS is ERP software. The ERP system integrates supply chain management, financial management, human resource management, customer relationship management, office automation, business analysis, mobile commerce, integrated interfaces and industry plug-ins and other business management...
ERPNext frappe.desk.reportview.get SQL injection vulnerability
Talos Vulnerability Report TALOS-2020-1091 ERPNext frappe.desk.reportview.get SQL injection vulnerability August 18, 2020 CVE Number CVE-2020-6145 SUMMARY An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can...
CVE-2020-9496
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 Recent assessments: wvu-r7 at August 13, 2020 8:00pm UTC reported: Pre-auth RCE in ERP software that’s free and isn’t SAP? Sweet. And it’s a long-standing Apache project that’s often...
PhreeBooks ERP 5.2.3 - Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: PhreeBooks ERP 5.2.3 - Remote Command Execution Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: v5.2.3 Category:...
MaxOn ERP Software 8.x-9.x - nomor SQL Injection
MaxOn ERP Software 8.x-9.x - nomor SQL Injection Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download:...
MaxOn ERP Software 8.x / 9.x SQL Injection
Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download: https://datapacket.dl.sourceforge.net/project/maxon/maxon.rar Version:...
MaxOn ERP Software 8.x-9.x - nomor SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download:...
MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download: https://datapacket.dl.sourceforge.net/project/maxon/maxon.rar Version:...