Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WebERP 安全漏洞
Vulnerability Description
webERP是Tim Schofield个人开发者的一套开源的进销存与财务管理系统(ERP系统)。该系统支持库存管理、权限角色管理、订单管理和财务管理等。 WebERP v4.15.2版本存在安全漏洞,该漏洞源于reportwriter/admin/ReportCreator.php中的ReportID和ReplaceReportID参数存在SQL注入,可能导致执行任意SQL命令和提取敏感数据。
CVSS Information
N/A
Vulnerability Type
N/A