VYPR

InoERP

by InoERP

CVEs (3)

  • CVE-2019-16894CriSep 26, 2019
    risk 0.67cvss 9.8epss 0.03

    download.php in inoERP 4.15 allows SQL injection through insecure deserialization.

  • CVE-2020-28870CriFeb 10, 2021
    risk 0.64cvss 9.8epss 0.03

    In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.

  • CVE-2019-25312Feb 11, 2026
    risk 0.00cvss epss 0.00

    InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing…

VYPR — Vulnerability Intelligence