Description
An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Wbcom Designs-BuddyPress Group Reviews Security Bypass (2.8.3)
WordPress Plugin Advanced Custom Fields PRO PHP Object Injection (6.0.7)
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2015-1399)
WordPress Plugin SMS Alert Order Notifications-WooCommerce Cross-Site Scripting (3.4.6)
WordPress Plugin WP Selected Text Sharer Multiple Vulnerabilities (1.0)