6 matches found
CVE-2026-25514
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...
CVE-2026-25513 FacturaScripts has SQL Injection vulnerability in API ORDER BY Clause
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The...
CVE-2026-25513
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The...
CVE-2026-25513
CVE-2026-25513 – FacturaScripts SQL Injection in API ORDER BY. The issue exists in FacturaScripts prior to version 2025.81, where the REST API sorts results using user-supplied values in ModelClass::getOrderBy(), directly concatenating them into the ORDER BY clause. This allows authenticated API...
CVE-2026-25513 FacturaScripts has SQL Injection vulnerability in API ORDER BY Clause
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The...
PT-2026-6306
Name of the Vulnerable Software and Affected Versions: FacturaScripts versions prior to 2025.81
Description: FacturaScripts is enterprise resource planning and accounting software. Versions prior to 2025.81 contain a critical SQL injection issue in the autocomplete functionality. Authenticated...