Description
An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php is vulnerable to blind SQL injection via the AmtClear_ parameter.
Remediation
References