CVE-2019-7755

HIGH

webERP 4.15 - SQL Injection via MT940 Bank Statement Import

Title source: llm
STIX 2.1

Description

In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.

References (3)

Core 3
Core References
Broken Link x_refsource_misc
https://www.exploit-db.com/exploits/46431/
Broken Link x_refsource_misc
https://www.weberp.org
Exploit, Third Party Advisory x_refsource_misc
https://www.exploit-database.net/?id=101060

Scores

CVSS v3 8.8
EPSS 0.0213
EPSS Percentile 79.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
weberp/weberp 4.15
Published Mar 30, 2020
Tracked Since Feb 18, 2026