Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-19435)

Description

An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.

Remediation

References

Related Vulnerabilities

WordPress Plugin Traffic Manager Multiple Vulnerabilities (1.4.5)

WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional Local File Inclusion (1.3.6.2)

WordPress Plugin Invite Anyone PHP Object Injection (1.3.18)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-0218)

WordPress Plugin Easy Forms for MailChimp Local File Inclusion (6.0.5.5)

Severity

High

Classification

CVE-2018-19435 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities