Description

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.

Remediation

References

CVE-2018-19434

Related Vulnerabilities

WordPress 3.1.2 Multiple Vulnerabilities (3.0.1 - 3.1.2)

WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-1071)

Liferay Portal CVE-2021-33330 Vulnerability (CVE-2021-33330)

Zope Web Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-1104)

Oracle Application Server CVE-2006-0286 Vulnerability (CVE-2006-0286)

Severity

High

Classification

CVE-2018-19434 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities