Description
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
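The flow described above (base64 decode, deserialize, SQL query), shown in a hardened form as an added example; this is not webERP's code. The field names, validation patterns, `payments` table and the use of PDO with SQLite are assumptions made for illustration.

```php
<?php
// Field names, patterns and table are hypothetical, not webERP's own.
const ALLOWED_FIELDS = [
    'supplier_id' => '/\A[A-Za-z0-9_-]{1,10}\z/',
    'amount'      => '/\A\d{1,9}(\.\d{1,2})?\z/',
];

// Decode the client-supplied blob and return only validated string fields.
function decodePaymentData(string $encoded): array
{
    $raw = base64_decode($encoded, true); // strict mode: false on non-base64 input
    // allowed_classes=false prevents object instantiation during unserialize()
    $data = $raw === false ? false : @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new InvalidArgumentException('payload is not a serialized array');
    }
    $clean = [];
    foreach (ALLOWED_FIELDS as $name => $pattern) {
        $value = $data[$name] ?? null;
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            throw new InvalidArgumentException("invalid field: $name");
        }
        $clean[$name] = $value;
    }
    return $clean;
}

// Values travel as bound parameters, so they are never parsed as SQL text.
function recordPayment(PDO $db, array $fields): void
{
    $sql = 'INSERT INTO payments (supplier_id, amount) VALUES (:supplier_id, :amount)';
    $db->prepare($sql)->execute($fields);
}

// Constructed sample input against an in-memory SQLite database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE payments (supplier_id TEXT, amount TEXT)');
$samples = [
    'well-formed'    => base64_encode(serialize(['supplier_id' => 'SUP001', 'amount' => '125.50'])),
    'quote in field' => base64_encode(serialize(['supplier_id' => "SUP'001", 'amount' => '1'])),
];
foreach ($samples as $label => $blob) {
    try {
        recordPayment($db, decodePaymentData($blob));
        echo "$label: stored\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

The allowlist check and the bound parameters are independent layers: the prepared statement alone would keep the quoted value out of the SQL text even if validation were loosened.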
Remediation
References