7 matches found
CVE-2023-24788
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customerdelivery.php...
SQL Injection
notrinos/notrinos-erp is vulnerable to SQL Injection. The vulnerability exists because the $transno parameter is not properly sanitized in the adjustshippingcharge function of salesdeliverydb.inc, which allows an attacker to inject and execute malicious SQL queries through the OrderNumber...
Sql injection
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customerdelivery.php...
CVE-2023-24788
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customerdelivery.php...
CVE-2023-24788
NotrinosERP v0.7 contains a SQL injection vulnerability exploitable via the OrderNumber parameter in /NotrinosERP/sales/customer_delivery.php. The vulnerability is described as an authenticated, blind (time-based) SQLi on the OrderNumber GET parameter, allowing an attacker with a valid session to i...
notrinoserp SQL injection vulnerability
notrinoserp is a web-based ERP by Phương Individual Developer, an accounting system written in PHP and MySql. A SQL injection vulnerability exists in notrinoserp version 0.7, which originates from the OrderNumber parameter in /NotrinosERP/sales/customerdelivery.php contains a SQL injection...
Unfixed XSS vulnerability at secure.instantssl.com
Security researcher Fabian Fingerle submitted, on 04/08/2008, a cross-site scripting (XSS) vulnerability affecting secure.instantssl.com, which at the time of submission ranked 47936 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/08/2008. ...