Description

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.

Remediation

References

CVE-2018-19434

Related Vulnerabilities

WordPress Plugin Beer Recipes Cross-Site Scripting (1.0)

Oracle JRE CVE-2017-10345 Vulnerability (CVE-2017-10345)

Apache Tomcat CVE-2022-29885 Vulnerability (CVE-2022-29885)

Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-7943)

WordPress Plugin Data Tables Generator by Supsystic Multiple Vulnerabilities (1.9.91)

Severity

High

Classification

CVE-2018-19434 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities