CVE-2026-1198

Name of the Vulnerable Software and Affected Versions SIMPLE.ERP versions prior to 6.30@A04.4 u06

Description SIMPLE.ERP is susceptible to a SQL Injection issue within the search functionality of the "Obroty na kontach" window. Insufficient input validation permits an authenticated attacker to construct a malicious database query, leading to its execution. The vulnerable functionality lacks proper sanitization of user-supplied input, allowing for the injection of arbitrary SQL code. The search function is affected. The vulnerable parameter is not specified.

Recommendations Update to version 6.30@A04.4 u06 or later.