Simple ERP SQL Injection Vulnerability Allowing Table Deletion

Vulnerability

A SQL injection vulnerability has been identified in the warehouse document filtering form of Simple ERP software, affecting versions prior to 6.30@a04.3. It allows logged-in users to send payloads of up to 20 characters, which is enough to delete tables whose names are at most 6 characters long. However, exploitation does not appear to allow data exfiltration within the query character limit.

Impact

Exploitation of this vulnerability could lead to unauthorized deletion of database tables, potentially causing data loss and disruption of application functionality.

Added: Oct 21, 2025, 2:17 PM
Updated: Oct 21, 2025, 8:04 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.