CVE-2019-7755

Name of the Vulnerable Software and Affected Versions webERP version 4.15

Description The Import Bank Transactions function in webERP fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries. This issue allows for SQL Injection attacks.

Recommendations For webERP version 4.15, as a temporary workaround, consider disabling the Import Bank Transactions function until a patch is available. Restrict access to the MT940 bank statement file import feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.