exploitDog

CVE-2025-46053

Опубликовано: 15 мая 2025

Источник: nvd

CVSS3: 5.1

EPSS Низкий

Описание

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php

Ссылки

https://github.com/johnchd/CVEs/blob/main/WebERP/CVE-2025-46053%20-%20SQLi.md
Exploit
Third Party Advisory
https://www.weberp.org/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weberp:weberp:4.15.2:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00036

Низкий

5.1 Medium

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-775f-97x4-x974

CVSS3: 5.1

github

9 месяцев назад

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php

EPSS

Процентиль: 11%

0.00036

Низкий

5.1 Medium

CVSS3

Дефекты

CWE-89