webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by i

An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract

A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function

In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusi

In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, result

A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it

In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on

An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the

An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatch

WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file,