VYPR

InoERP

by InoERP

CVEs (3)

  • CVE-2019-16894CriSep 26, 2019
    risk 0.67cvss 9.8epss 0.03

    download.php in inoERP 4.15 allows SQL injection through insecure deserialization.

  • CVE-2020-28870CriFeb 10, 2021
    risk 0.64cvss 9.8epss 0.03

    In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.

  • CVE-2019-25312Feb 11, 2026
    risk 0.00cvss epss 0.00

    InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing…