Description

In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.

Remediation

References

CVE-2019-7755

Related Vulnerabilities

PHP Numeric Errors Vulnerability (CVE-2007-1001)

WordPress Plugin Rating by BestWebSoft Cross-Site Scripting (0.1)

WordPress Plugin Poll, Survey, Questionnaire and Voting system SQL Injection (1.5.2)

WordPress Plugin Youtube Feeder Cross-Site Request Forgery (2.0.1)

Grafana CVE-2023-4399 Vulnerability (CVE-2023-4399)

Severity

High

Classification

CVE-2019-7755 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities