Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2020-28870

Disclosure Date: February 10, 2021 (last updated February 22, 2025)
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.
Attacker Value
Unknown

CVE-2019-16894

Disclosure Date: September 26, 2019 (last updated November 27, 2024)
download.php in inoERP 4.15 allows SQL injection through insecure deserialization.