CVE-2019-7755 Information

Description

In webERP 4.15 the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files resulting in the execution of arbitrary SQL queries aka SQL Injection.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.exploit-database.net/?id=101060 https://www.exploit-db.com/exploits/46431/ https://www.weberp.org

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8