VYPR
Vendor

SIMPLE

Products
2
CVEs
5
Across products
5
Status
Private

Products

2

Recent CVEs

5
  • CVE-2026-1198HigFeb 26, 2026
    risk 0.56cvss epss 0.00

    SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed. This issue was fixed in 6.30@A04.4_u06.

  • CVE-2024-8774HigMar 24, 2025
    risk 0.50cvss epss 0.00

    The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch 6.30@a03.9, which…

  • CVE-2025-9339HigOct 21, 2025
    risk 0.46cvss epss 0.00

    SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP software allows logged-in user a malicious query injection. Potential exploitation is limited by the 20-character limit in form fields. Identified use case allows to delete tables with a…

  • CVE-2019-8350MedMay 13, 2019
    risk 0.43cvss 6.6epss 0.00

    The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password…

  • CVE-2014-10020Jan 13, 2015
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter.