Description
In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP-Forum 'forum_feed.php' SQL Injection (1.7.8)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2643)
WordPress Plugin Tweet Wheel Spam (0.3)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11111)
WordPress Plugin Custom Admin Page by BestWebSoft Cross-Site Scripting (0.1.1)