Arvandy

5 exploits, active since Mar 2023
CVE-2023-2744 NOMISEC HIGH WORKING POC
WP ERP < 1.12.4 - Authenticated SQL Injection via ERP Accounting People Endpoint
The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
1 star
CVSS 7.2
CVE-2023-24788 WRITEUP HIGH WORKING POC
NotrinosERP 0.7 - SQL Injection via OrderNumber Parameter
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.
CVSS 8.8
CVE-2023-29842 WRITEUP HIGH WORKING POC
ChurchCRM 4.5.4 - Blind SQL Injection via EN_tyid POST Parameter
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.
CVSS 8.8
CVE-2023-24788 EXPLOITDB HIGH python WORKING POC
NotrinosERP 0.7 - SQL Injection via OrderNumber Parameter
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.
CVSS 8.8
CVE-2023-24787 EXPLOITDB python WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-24685. Reason: This record is a duplicate of CVE-2023-24685. Notes: All CVE users should reference CVE-2023-24685 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.