CVE-2025-13168 ury-erp ury pos_extend.py overrided_past_order_list sql injection
A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overridedpastorderlist of the file ury/ury/api/posextend.py. This manipulation of the argument searchterm causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...