VYPR

ERP

by Jerryhanjj

CVEs (16)

  • CVE-2020-8967 | Critical | Jun 1, 2020
    risk 0.65 | cvss 10.0 | epss 0.01

    There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information.

  • CVE-2019-25446 | High | Feb 22, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL…

  • CVE-2019-25440 | High | Feb 22, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET requests to product_detail.php with malicious prod_id values to extract…

  • CVE-2026-2998 | High | Feb 23, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code.

  • CVE-2022-3878 | High | Nov 7, 2022
    risk 0.48 | cvss 7.3 | epss 0.01

    A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has…

  • CVE-2026-34256 | High | Apr 14, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is…

  • CVE-2020-37022 | Medium | Jan 30, 2026
    risk 0.42 | cvss 6.4 | epss 0.00

    OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules.

  • CVE-2025-14089 | Medium | Dec 5, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote.…

  • CVE-2022-3944 | Medium | Nov 11, 2022
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted…

  • CVE-2022-30076 | Medium | Apr 16, 2023
    risk 0.38 | cvss 5.3 | epss 0.04

    ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.

  • CVE-2025-60982 | Medium | Oct 27, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by…

  • CVE-2020-6212 | Medium | Apr 24, 2020
    risk 0.35 | cvss 5.4 | epss 0.01

    Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing…

  • CVE-2019-14362 | Medium | Jul 28, 2019
    risk 0.35 | cvss 5.4 | epss 0.02

    Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value.

  • CVE-2020-6316 | Medium | Nov 10, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.

  • CVE-2025-50565 | Sep 2, 2025
    risk 0.00 | cvss | epss 0.00

    Doubo ERP 1.0 has an SQL injection vulnerability due to a lack of filtering of user input, which can be remotely initiated by an attacker.

  • CVE-2025-29390 | Apr 9, 2025
    risk 0.00 | cvss | epss 0.00

    jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the set_password function in application/controllers/home.php.