In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
weberp weberp 4.15 |