Description
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.
References
- Exploit, Third Party Advisory
- Broken Link
- Broken Link
- Exploit, Third Party Advisory
- Broken Link
- Broken Link
Vulnerable configurations
Configuration 1
cpe:2.3:a:weberp:weberp:4.15:*:*:*:*:*:*:*
EPSS
Percentile: 70%
0.00621
Low
CVSS3: 8.8 High
CVSS2: 6.5 Medium
Weaknesses
CWE-89
Related vulnerabilities
GitHub
more than 3 years ago
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.