In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.
CVSS Score
9.8
EPSS Score
0.015
Published
2021-02-10
download.php in inoERP 4.15 allows SQL injection through insecure deserialization.
CVSS Score
9.8
EPSS Score
0.012
Published
2019-09-26