WebERP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-19436 - Vulnerability Database

WebERP

WebERP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-19436

High

Reference: CVE-2018-19436

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-19436

Title: WebERP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

Overview:

An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter.