CyberSec.Space Logo
Back to CVE Browser

CVE-2020-8967

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1110%
EPSS Percentile7.78th
PublishedJun 1, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information.

Affected Platforms (CPE)

📦
Gesio

Erp

< 11.2

References & Advisories

🔗 https://www.incibe-cert.es/en/early-warning/security-advisories/gesio-sql-injection-vulnerability
🔗 https://www.incibe-cert.es/en/early-warning/security-advisories/gesio-sql-injection-vulnerability

Related Vulnerabilities

CVE-2018-253579.8

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

CVE-2019-132949.8

AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. There...

CVE-2019-58939.8

Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.

CVE-2020-236209.8

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure de...