Description

In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.

Remediation

References

CVE-2019-7755

Related Vulnerabilities

WordPress Plugin VM Backups Cross-Site Request Forgery (1.0)

WordPress Plugin Keyword Meta Cross-Site Request Forgery (3.0)

Oracle Database Server CVE-2015-4888 Vulnerability (CVE-2015-4888)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20507)

Oracle Database Server CVE-2010-0911 Vulnerability (CVE-2010-0911)

Severity

High

Classification

CVE-2019-7755 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities