14 matches found
EUVD-2020-15234
Malware in sbrugna...
EUVD-2019-17283
Malware in sbrugna...
CVE-2020-22474
In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion...
CVE-2025-46053
A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php...
CVE-2025-46052
An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...
CVE-2025-46053
CVE-2025-46053 describes a SQL injection in WebERP v4.15.2. An attacker can inject crafted payloads into the ReportID and ReplaceReportID parameters of a POST to /reportwriter/admin/ReportCreator.php, allowing execution of arbitrary SQL commands and potential exposure of sensitive data. Affected ...
PT-2025-21285 · Weberp · Weberp
Name of the Vulnerable Software and Affected Versions: WebERP version 4.15.2. Description: An error-based SQL Injection (SQLi) vulnerability allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to...
CVE-2025-2715
A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the argument Narrative leads to cross site scripting. It i...
CVE-2025-2715
A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the argument Narrative leads to cross site scripting. It i...
CVE-2025-2715 timschofield webERP Confirm Dispatch and Invoice Page ConfirmDispatch_Invoice.php cross site scripting
A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the argument Narrative leads to cross site scripting. It i...
CVE-2025-2715 timschofield webERP Confirm Dispatch and Invoice Page ConfirmDispatch_Invoice.php cross site scripting
A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the argument Narrative leads to cross site scripting. It i...
CVE-2025-2715
The CVE-2025-2715 entry describes a cross-site scripting flaw affecting timschofield webERP up to 5.0.0.rc+13, in ConfirmDispatch_Invoice.php (Narrative parameter). Remote exploitation is possible; multiple sources note the vulnerability and advise applying a patch. The initial disclosure indicat...
webERP local file inclusion vulnerability (CNVD-2021-13935)
webERP is a free and open source ERP system that provides best practice, multi-user business management and accounting tools over the web. A local file inclusion vulnerability exists in webERP 4.15. The vulnerability stems from the ManualContents.php file allowing users to specify the "Language"...
webERP 4.11.3 SQL Injection
SQL Injection vulnerability in webERP SalesInquiry.php. Vulnerability Type: SQL Injection. For the exploit source code contact DSquare Security sales team...