Description

In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.

Remediation

References

CVE-2019-7755

Related Vulnerabilities

WordPress Plugin Weather Effect-Christmas Santa Snow Falling Cross-Site Scripting (1.3.5)

WordPress Improper Input Validation Vulnerability (CVE-2008-4106)

Beego Framework Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-27117)

WordPress Plugin Images to WebP Multiple Vulnerabilities (1.8)

WordPress Plugin WPML (WordPress Multilingual) Cross-Site Scripting (3.2.6)

Severity

High

Classification

CVE-2019-7755 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities