WebERP SQL injection Vulnerability Description
- Author: YU-HSIANG HUANG, YUNG-HAO TSENG, Eddie TC CHANG
- Contact: firstname.lastname@example.org; email@example.com; firstname.lastname@example.org
- Product: webERP 4.15
- Last updated: 2018/05/21
- Official Website: http://www.weberp.org/
- Github: https://github.com/webERP-team/webERP
CollectiveWorkOrderCost.php have SQL Injection vulnerability in
SearchParts parameter, here will be to guess the database version and user as an example.
Here we insert SQL Injection Payload after the
The webERP is a very popular ERP software in Asia. This is a very serious problem, because attackers can quickly obtain sensitive information about enterprise ERP.