Description

An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.

Remediation

References

CVE-2018-19435

Related Vulnerabilities

IBM RTC Other Vulnerability (CVE-2015-0112)

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3)

WordPress Plugin Quick Event Manager Cross-Site Scripting (9.6.4)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7414)

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-7137)

Severity

High

Classification

CVE-2018-19435 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities