Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:40002
HistoryMar 31, 2023 - 2:38 a.m.

SQL Injection

2023-03-3102:38:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
vulnerable software
sql injection
improper input sanitization
malicious queries
ordernumber parameter
customer_delivery.php
sales_delivery_db.inc

EPSS

0.002

Percentile

60.4%

JSON

notrinos/notrinos-erp is vulnerable to SQL Injection. The vulnerability exists because the $trans_no parameter is not properly sanitized in the adjust_shipping_charge function of sales_delivery_db.inc , which allows an attacker to inject and execute malicious SQL queries through the OrderNumber parameter in the customer_delivery.php endpoint.

Related

prion 1
osv 2
nvd 1
cve 1
packetstorm 1
cvelist 1
exploitdb 1
zdt 1
github 1
prion
prion
Sql injection
2023-03-23 21:15:00
osv
osv
NotrinosERP vulnerable to SQL Injection
2023-03-23 21:30:19
CVE-2023-24788
2023-03-23 21:15:19
nvd
nvd
CVE-2023-24788
2023-03-23 21:15:19
cve
cve
CVE-2023-24788
2023-03-23 21:15:19
packetstorm
packetstorm
NotrinosERP 0.7 SQL Injection
2023-04-10 00:00:00
cvelist
cvelist
CVE-2023-24788
2023-03-23 00:00:00
exploitdb
exploitdb
NotrinosERP 0.7 - Authenticated Blind SQL Injection
2023-04-07 00:00:00
zdt
zdt
NotrinosERP 0.7 - Authenticated Blind SQL Injection Exploit
2023-04-07 00:00:00
github
github
NotrinosERP vulnerable to SQL Injection
2023-03-23 21:30:19

EPSS

0.002

Percentile

60.4%

JSON
Related for VERACODE:40002
prion1osv2nvd1cve1packetstorm1cvelist1exploitdb1zdt1github1