CVE-2011-4672

Name of the Vulnerable Software and Affected Versions Valid tiny-erp versions 1.6 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to several API endpoints, including "/ partner list.php", "/proioncategory list.php", "/ rantevou list.php", "/syncategory list.php", "/synallasomenos list.php", "/ypelaton list.php", and "/yproion list.php".

Recommendations For versions 1.6 and earlier, consider restricting access to the vulnerable API endpoints until a patch is available. As a temporary workaround, avoid using the SearchField parameter in search actions to minimize the risk of exploitation.