A SQL Injection issue exists in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
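
The decode, deserialize, query flow described above, shown as an added example with the weak pattern beside a hardened form. This is not webERP code and not part of the original advisory; the `payments` table, the `payee` field, the allow-list pattern and both function names are hypothetical.

```php
<?php
// Added example; NOT webERP code. Table, column, field and function names are hypothetical.

// Weak pattern described in the advisory: decode, unserialize, concatenate into SQL.
function lookup_unsafe(PDO $db, string $b64): array {
    $data = unserialize(base64_decode($b64));
    $sql = "SELECT id, amount FROM payments WHERE payee = '" . $data['payee'] . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: strict decoding, no object instantiation, type checks, bound parameter.
function lookup_safe(PDO $db, string $b64): array {
    $raw = base64_decode($b64, true);   // strict mode rejects non-base64 input
    if ($raw === false) {
        throw new InvalidArgumentException('payload is not valid base64');
    }
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data) || !isset($data['payee']) || !is_string($data['payee'])) {
        throw new InvalidArgumentException('unexpected payload structure');
    }
    // Hypothetical allow-list for the field; adjust to the real data model.
    if (!preg_match('/^[A-Za-z0-9 .-]{1,40}$/', $data['payee'])) {
        throw new InvalidArgumentException('payee fails allow-list check');
    }
    $stmt = $db->prepare('SELECT id, amount FROM payments WHERE payee = :payee');
    $stmt->execute([':payee' => $data['payee']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE payments (id INTEGER PRIMARY KEY, payee TEXT, amount REAL)');
$db->exec("INSERT INTO payments (payee, amount) VALUES ('Acme Ltd', 120.5), ('Other Co', 99.0)");

$benign  = base64_encode(serialize(['payee' => 'Acme Ltd']));
$hostile = base64_encode(serialize(['payee' => "x' OR '1'='1"]));  // constructed input

printf("unsafe, benign:  %d row(s)\n", count(lookup_unsafe($db, $benign)));
printf("unsafe, hostile: %d row(s)\n", count(lookup_unsafe($db, $hostile)));
printf("safe, benign:    %d row(s)\n", count(lookup_safe($db, $benign)));
try {
    lookup_safe($db, $hostile);
} catch (InvalidArgumentException $e) {
    printf("safe, hostile:   rejected (%s)\n", $e->getMessage());
}
```
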
Vulnerable Product |
---|
weberp weberp 4.15 |