WebERP SQL Injection Vulnerability in Report Writer Module

Vulnerability

A SQL injection vulnerability exists in WebERP version 4.15.2. This issue allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting crafted payloads into the ReportID and ReplaceReportID parameters. The vulnerability is triggered within a POST request to /reportwriter/admin/ReportCreator.php.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, potentially leading to unauthorized data access or manipulation.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

8.1

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

8.1

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WebERP SQL Injection Vulnerability in Report Writer Module

Vulnerability

Impact

Affected Products

webERP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating