Description

An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.

Remediation

References

CVE-2018-19435

Related Vulnerabilities

WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (2.1.5)

OpenSSL Cryptographic Issues Vulnerability (CVE-2015-0285)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10268)

WordPress Plugin WPQA-Builder forms Addon For WordPress Insecure Direct Object Reference (5.9.2)

WordPress Plugin HTML5 Video Player with Playlist Multiple Cross-Site Scripting Vulnerabilities (2.40)

Severity

High

Classification

CVE-2018-19435 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities