CVE-2019-5893

Name of the Vulnerable Software and Affected Versions Nelson Open Source ERP version 6.3.1

Description The issue allows SQL Injection via the db/utils/query/data.xml query parameter. This means an attacker could potentially inject malicious SQL code to manipulate the database.

Recommendations For Nelson Open Source ERP version 6.3.1, consider restricting access to the data.xml query parameter in the db/utils/query endpoint until a patch is available. Avoid using the data.xml parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.