Description
An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0372)
WordPress Plugin XVE Various Embed Multiple Cross-Site Scripting Vulnerabilities (1.0.3)
WordPress Plugin Jibu Pro Cross-Site Scripting (1.7)
WordPress Plugin Booking calendar, Appointment Booking System Multiple Vulnerabilities (2.1.7)