CVE-2025-46053

Published May 15th, 2025

View on NVD ↗

CVSS v3

5.1

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php

johnchd/CVEs

GitHub