SQL Injection
notrinos/notrinos-erp is vulnerable to SQL Injection. The vulnerability exists because the $transno parameter is not properly sanitized in the adjustshippingcharge function of salesdeliverydb.inc , which allows an attacker to inject and execute malicious SQL queries through the OrderNumber...