Description
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
Remediation
References
Related Vulnerabilities
Django Improper Certificate Validation Vulnerability (CVE-2020-13254)
Moodle Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2025-67851)
WordPress Plugin Calendar Event Multi View SQL Injection (1.01)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2203)