CVE-2020-8967

CRITICAL

GESIO ERP < 11.2 - SQL Injection

Title source: llm
STIX 2.1

Description

There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information.

References (1)

Core 1

Scores

CVSS v3 10.0
EPSS 0.0103
EPSS Percentile 60.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
gesio/erp < 11.2
Published Jun 01, 2020
Tracked Since Feb 18, 2026