Vulnerability CVE-2023-24788


Published: 2023-03-23

Description:
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.

See advisories in our WLB2 database:
Topic: Med. NotrinosERP 0.7 SQL Injection
Author: Arvandy
Date: 10.04.2023

Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

References:
https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md
https://github.com/notrinos/NotrinosERP
https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.py
https://github.com/arvandy/CVE/blob/main/NotrinosERP/POC.md

Copyright 2024, cxsecurity.com
