Description
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.
Remediation
References