CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-8967

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1110%
EPSS Percentile7.78th
Published2020年6月1日
Last Modified2024年11月21日

Vulnerability Description

There is an improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in php files of GESIO ERP. GESIO ERP all versions prior to 11.2 allows malicious users to retrieve all database information.

Affected Platforms (CPE)

📦
Gesio

Erp

< 11.2

References & Advisories

🔗 https://www.incibe-cert.es/en/early-warning/security-advisories/gesio-sql-injection-vulnerability
🔗 https://www.incibe-cert.es/en/early-warning/security-advisories/gesio-sql-injection-vulnerability

関連する脆弱性情報

CVE-2018-253579.8

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

CVE-2019-132949.8

AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. There...

CVE-2019-58939.8

Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.

CVE-2020-236209.8

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure de...