PT-2026-26558 · Erp · Erp

Odgrso

Published

2026-03-20

Updated

2026-03-24

CVE-2026-32954

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ERP versions prior to 16.8.0 ERP versions prior to 15.100.0

Description The software contains a flaw due to insufficient parameter validation, leading to time-based and boolean-based blind SQL injection in certain endpoints. This allows attackers to potentially infer database information.

Recommendations Update to version 16.8.0 or later. Update to version 15.100.0 or later.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2026-32954

GHSA-J669-GHV2-GMQG

Affected Products

Erp

PT-2026-26558 · Erp · Erp

CVE-2026-32954

Weakness Enumeration

Related Identifiers

Affected Products

References · 8