CVE-2019-7755
HIGHwebERP 4.15 - SQL Injection via MT940 Bank Statement Import
Title source: llmDescription
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.
References (3)
Core 3
Core References
Broken Link x_refsource_misc
https://www.exploit-db.com/exploits/46431/
Broken Link x_refsource_misc
https://www.weberp.org
Exploit, Third Party Advisory x_refsource_misc
https://www.exploit-database.net/?id=101060
Scores
CVSS v3
8.8
EPSS
0.0213
EPSS Percentile
79.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
weberp/weberp
4.15
Published
Mar 30, 2020
Tracked Since
Feb 18, 2026