CVE-2021-27828

CRITICAL

In4Suite ERP <3.2.74.1370 - SQL Injection

Title source: llm

Description

SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.

Exploits (1)

exploitdb WORKING POC

by Gulab Mondal · textwebappsmultiple

https://www.exploit-db.com/exploits/49884

View Code ZIP pw:eip

References (2)

[Product, Vendor Advisory] https://www.in4velocity.com/in4suite-erp.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49884

Scores

CVSS v3 9.1

EPSS 0.0088

EPSS Percentile 75.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

in4velocity/in4suite_erp 3.2.74.1370

Published Jun 01, 2021

Tracked Since Feb 18, 2026