WebERP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2025-46052 - Vulnerability Database

WebERP

WebERP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2025-46052

Critical

Reference: CVE-2025-46052

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-46052

Title: WebERP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

Overview:

An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php