Description

An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.

Remediation

References

CVE-2018-19435

Related Vulnerabilities

WordPress Plugin Media Library Categories 'termid' Parameter SQL Injection (1.0.6)

Oracle JRE CVE-2013-5824 Vulnerability (CVE-2013-5824)

MySQL CVE-2020-2930 Vulnerability (CVE-2020-2930)

WordPress Plugin Broken Link Manager Cross-Site Scripting (0.5.5)

Envoy Proxy Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-18836)

Severity

High

Classification

CVE-2018-19435 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities