In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.
References
Link | Resource |
---|---|
https://www.exploit-database.net/?id=101060 | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/46431/ | Broken Link |
https://www.weberp.org | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-30T16:49:28
Updated: 2020-03-30T16:49:27
Reserved: 2019-02-12T00:00:00
Link: CVE-2019-7755
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-03-30T17:15:14.017
Modified: 2020-04-02T18:23:21.780
Link: CVE-2019-7755
JSON object: View
Redhat Information
No data.
CWE