Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:33 a.m.10 views

CVE-2019-7755

In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection...

8.8CVSS7.7AI score0.0213EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:58 a.m.8 views

CVE-2018-20420

In webERP 4.15, ZCreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter...

5.5CVSS6.8AI score0.00962EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:27 a.m.8 views

CVE-2019-13292

A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks...

9.8CVSS8.1AI score0.06509EPSS
Exploits1References1
OSV
OSV
added 2021/02/22 5:15 p.m.20 views

CVE-2020-22474

In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion...

6.5CVSS6.6AI score0.01012EPSS
Exploits1References1
NVD
NVD
added 2021/02/22 5:15 p.m.18 views

CVE-2020-22474

In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion...

6.5CVSS0.01012EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2019/06/20 12:0 a.m.95 views

WebERP 4.15 SQL Injection

Exploit Title: Blind SQL injection in WebERP. Date: June 10, 2019 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: http://www.weberp.org/ Version: 4.15 A malicious query can be sent in base64 encoding to unserialize function. It can be deserialize...

Exploits0
Prion
Prion
added 2018/12/24 3:29 a.m.16 views

Directory traversal

In webERP 4.15, ZCreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter...

5.5CVSS5.2AI score0.00962EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/11/22 5:29 a.m.16 views

CVE-2018-19435

An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter...

7.2CVSS8.2AI score0.01059EPSS
Exploits1References1
OSV
OSV
added 2018/11/22 5:29 a.m.24 views

CVE-2018-19436

An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter...

7.2CVSS8.2AI score0.01059EPSS
Exploits1References1
Prion
Prion
added 2018/11/22 5:29 a.m.23 views

Sql injection

An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter...

6.5CVSS7.5AI score0.01059EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/11/22 5:0 a.m.20 views

CVE-2018-19435

An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter...

7.5AI score0.01059EPSS
Exploits1References1
CVE
CVE
added 2018/11/22 5:0 a.m.44 views

CVE-2018-19436

CVE-2018-19436 affects webERP v4.15, specifically the Manufacturing component. The vulnerability is a Blind SQL Injection in CollectiveWorkOrderCost.php exposed via the SearchParts parameter. This is documented across multiple feeds (NVD entry and mirrored records) and is described as a SQL injec...

7.2CVSS7.4AI score0.01059EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/11/22 5:0 a.m.21 views

CVE-2018-19436

An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter...

7.5AI score0.01059EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/11/22 5:0 a.m.25 views

CVE-2018-19434

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear parameter...

7.5AI score0.01059EPSS
Exploits1References1
Rows per page
Query Builder