Description

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.

Remediation

References

CVE-2018-19434

Related Vulnerabilities

Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)

WordPress Plugin user files Arbitrary File Upload (2.4.2)

WordPress Plugin Light Post 'abspath' Parameter Remote File Include (1.4)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0738)

OpenSSL Double Free Vulnerability (CVE-2003-0545)

Severity

High

Classification

CVE-2018-19434 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities