Description
In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion.
Remediation
References
Related Vulnerabilities
Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-5301)
WordPress Plugin WP-Forum 'sendmail.php' SQL Injection (1.7.8)
Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003049)
MySQL CVE-2013-0368 Vulnerability (CVE-2013-0368)
Atlassian Jira Missing Authorization Vulnerability (CVE-2019-8445)