PT-2025-36343 · Erp · Erp
Vietsunshine
·
Published
2025-09-06
·
Updated
2025-09-06
·
CVE-2025-58439
CVSS v3.1
8.1
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Erp
Vietsunshine
·
Published
2025-09-06
·
Updated
2025-09-06
·
CVE-2025-58439
8.1
High
| Base vector | Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
ERP versions prior to 14.89.2
ERP versions 15.0.0 through 15.75.1
Description:
ERP, a free and open source Enterprise Resource Planning tool, is susceptible to error-based SQL Injection due to insufficient validation of parameters. This allows retrieval of some information, such as the version.
Recommendations:
Update to ERP version 14.89.2 or later.
Update to ERP version 15.76.0 or later.
Fix
SQL injection