Simple.ERP SQL Injection Vulnerability in Search Functionality

Vulnerability

A SQL injection vulnerability has been identified in Simple.ERP, specifically within the search feature of the 'Obroty na kontach' window. This vulnerability arises from inadequate input validation, allowing authenticated attackers to craft and execute malicious SQL queries against the database. All versions of Simple.ERP prior to 6.30@A04.4_u06 are affected.

Impact

Exploitation of this vulnerability allows for arbitrary SQL query execution, potentially leading to unauthorized data access or manipulation.

Remediation

Users can upgrade to Simple.ERP version 6.30@A04.4_u06 or later to address this vulnerability.

Added: Feb 26, 2026, 12:22 PM
Updated: Feb 26, 2026, 12:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 5.2
remediation: 0.0
relevance: 3.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.