Description

An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter.

Remediation

References

CVE-2018-19436

Related Vulnerabilities

Roundcube Improper Privilege Management Vulnerability (CVE-2017-8114)

Atlassian Jira Insufficient Session Expiration Vulnerability (CVE-2021-39113)

Oracle JRE CVE-2014-0463 Vulnerability (CVE-2014-0463)

WordPress Plugin PollDeep Arbitrary File Upload (1.2)

WordPress Plugin Cookie Information-Free GDPR Consent Solution Security Bypass (2.0.22)

Severity

High

Classification

CVE-2018-19436 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities