CVE-2026-1198

SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed. This issue was fixed in [email protected]...

CVE-2026-1198

SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed. This issue was fixed in [email protected]...

CVE-2026-1198 SQL Injection in SIMPLE.ERP

SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed. This issue was fixed in [email protected]...

CVE-2026-1198

SIMPLE.ERP is affected by a SQL Injection in the search feature in the "Obroty na kontach" window. The issue arises from insufficient input validation, allowing an authenticated attacker to craft a query that could be executed by the database. The CVE entry notes a high impact (CVSS v4.0 base sco...

SIMPLE.ERP SQL注入漏洞

SIMPLE.ERP is an e-commerce platform provided by the SIMPLE company. Versions of SIMPLE.ERP prior to [email protected] contained a SQL injection vulnerability. This vulnerability stemmed from the lack of input validation in the search function, which could lead to SQL injection attacks...

CVE-2025-9339

SIMPLE.ERP CVE-2025-9339 is a SQL injection in the Warehouse Document Filter form fields, affecting versions before [email protected]. The vulnerability allows a logged-in user to inject queries with up to 20 characters; a confirmed use case could delete tables whose names are at most 6 characters long....

CVE-2024-8774 Privilege Escalation in SIMPLE.ERP

The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the...

CVE-2024-8773 Protocol Downgrade in SIMPLE.ERP

SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...

SIMPLE.ERP 安全漏洞

SIMPLE.ERP is an e-commerce platform from SIMPLE, Inc. A security vulnerability exists in SIMPLE.ERP versions 6.20 through 6.30, which stems from a superuser password stored in a recoverable format that allows any authenticated user to elevate privileges to the database administrator...