Description
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
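The flow described above, next to a hardened equivalent, as an added example (not webERP source and not code from this advisory). The function names, the `payments` table and the `supplier`/`amount` fields are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added illustration; table, column and field names are hypothetical, not webERP's schema.

// Sketch of the pattern the description names: decode, deserialize, concatenate.
function recordPaymentUnsafe(PDO $db, string $encoded): void {
    $p = unserialize(base64_decode($encoded));           // structure fully controlled by the sender
    $db->exec("INSERT INTO payments (supplier, amount) VALUES ('"
        . $p['supplier'] . "', " . $p['amount'] . ")");  // field values become SQL text
}

// Hardened form: strict decoding, data-only format, validation, bound parameters.
function recordPaymentSafe(PDO $db, string $encoded): bool {
    $raw = base64_decode($encoded, true);                // strict mode: false on non-base64 input
    if ($raw === false) {
        return false;
    }
    $p = json_decode($raw, true);                        // JSON carries data only, no PHP objects
    if (!is_array($p) || !isset($p['supplier'], $p['amount'])) {
        return false;
    }
    if (!is_string($p['supplier']) || !preg_match('/^[A-Za-z0-9_-]{1,10}$/', $p['supplier'])) {
        return false;                                    // allow-list the identifier format
    }
    if (!is_int($p['amount']) && !is_float($p['amount'])) {
        return false;                                    // amount must be a JSON number
    }
    // Values travel as bound parameters and are never parsed as SQL.
    $stmt = $db->prepare('INSERT INTO payments (supplier, amount) VALUES (:s, :a)');
    return $stmt->execute([':s' => $p['supplier'], ':a' => $p['amount']]);
}

// Constructed sample run against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE payments (supplier TEXT, amount REAL)');

$wellFormed = base64_encode(json_encode(['supplier' => 'ACME01', 'amount' => 125.5]));
$withQuote  = base64_encode(json_encode(['supplier' => "AC'ME", 'amount' => 1]));

var_dump(recordPaymentSafe($db, $wellFormed));  // well-formed record
var_dump(recordPaymentSafe($db, $withQuote));   // supplier fails the allow-list check
var_dump((int) $db->query('SELECT COUNT(*) FROM payments')->fetchColumn());
```

Validation and parameter binding are independent layers here: even if the allow-list were loosened, the bound parameters would still keep the field values out of the SQL text.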
Remediation
References