Description
An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter.
Remediation
References
Related Vulnerabilities
Roundcube Improper Privilege Management Vulnerability (CVE-2017-8114)
Atlassian Jira Insufficient Session Expiration Vulnerability (CVE-2021-39113)
Oracle JRE CVE-2014-0463 Vulnerability (CVE-2014-0463)
WordPress Plugin PollDeep Arbitrary File Upload (1.2)
WordPress Plugin Cookie Information-Free GDPR Consent Solution Security Bypass (2.0.22)