CVE ID:

CVE-2019-5893

Details:

Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.

References:

EXPLOIT-DB:46118
:https://www.exploit-db.com/exploits/46118/
:https://github.com/EmreOvunc/OpenSource-ERP-SQL-Injection

ZeroDayLab Assigned Tags:

INJECTION ATTACK
SQL INJECTION