Description

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.

Remediation

References

CVE-2018-19434

Related Vulnerabilities

WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)

WordPress Plugin WP Symposium Arbitrary File Upload Vulnerabilities (11.11.26)

Oracle Application Server Other Vulnerability (CVE-2004-1365)

Drupal Core 8.x.x Security Bypass (8.0.0 - 8.7.14)

phpList Incorrect Comparison Vulnerability (CVE-2020-23361)

Severity

High

Classification

CVE-2018-19434 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities