InoERP
by InoERP
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-16894 | Cri | 0.67 | 9.8 | 0.03 | Sep 26, 2019 | download.php in inoERP 4.15 allows SQL injection through insecure deserialization. | ||
| CVE-2020-28870 | Cri | 0.64 | 9.8 | 0.03 | Feb 10, 2021 | In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php. | ||
| CVE-2019-25312 | 0.00 | — | 0.00 | Feb 11, 2026 | InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing… |
- risk 0.67cvss 9.8epss 0.03
download.php in inoERP 4.15 allows SQL injection through insecure deserialization.
- risk 0.64cvss 9.8epss 0.03
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.
- CVE-2019-25312Feb 11, 2026risk 0.00cvss —epss 0.00
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing…