Semen Alexandrovich Lyhin

#11289of 53,635
24.4Total CVSS
Vulnerabilities · 3
Medium
1
Critical
2
PT-2019-14850
9.8
2019-09-26
Inoerp · Inoerp · CVE-2019-16894
**Name of the Vulnerable Software and Affected Versions** inoERP version 4.15 **Description** The issue is related to SQL injection through insecure deserialization in the download.php file. **Recommendations** For inoERP version 4.15, update to a version that includes a fix for this issue, if available. As a temporary workaround, consider restricting access to the download.php file to minimize the risk of exploitation.
PT-2019-13243
9.8
2019-07-04
Weberp · Weberp · CVE-2019-13292
**Name of the Vulnerable Software and Affected Versions** webERP version 4.15 **Description** A SQL Injection issue was discovered. The issue concerns the handling of payment data in the Payments.php file, which accepts data in base64 format. This data is decoded and then deserialized. The deserialized data is directly inserted into a SQL query without any sanitizing checks. **Recommendations** For webERP version 4.15, consider implementing sanitizing checks on the deserialized data before it is inserted into SQL queries to prevent SQL injection attacks. As a temporary workaround, restrict access to the Payments.php file to minimize the risk of exploitation.
PT-2019-2516
4.8
2019-04-06
D Link · D-Link Di-524 · CVE-2019-11017
**Name of the Vulnerable Software and Affected Versions** D-Link DI-524 version V2.06RU **Description** The issue concerns multiple Stored and Reflected XSS vulnerabilities found in the Web Configuration of the device. Specifically, the vulnerabilities are located in the /spap.htm, /smap.htm, and /cgi-bin/smap API endpoints, with the `RC` parameter being exploited in the /cgi-bin/smap endpoint. This allows a remote attacker to inject JavaScript code into the device's web interface pages, including the web configuration files spap.htm and smap.htm. **Recommendations** For D-Link DI-524 version V2.06RU, as a temporary workaround, consider disabling access to the /spap.htm, /smap.htm, and /cgi-bin/smap API endpoints until a patch is available. Additionally, restrict the use of the `RC` parameter in the /cgi-bin/smap endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.