Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-19435)

Description

An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.

Remediation

References

Related Vulnerabilities

WeBid Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-47397)

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files Multiple Vulnerabilities (1.7.6)

Python Improper Input Validation Vulnerability (CVE-2013-7338)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43941)

WordPress Plugin WP-RecentComments 'page' Parameter Cross-Site Scripting (2.0.6)

Severity

High

Classification

CVE-2018-19435 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities