Skip to main content

SIMPLE.ERP CVE-2026-1198

SQL Injection (CWE-89)
2026-02-26 cvd@cert.pl

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 26, 2026 - 12:15 nvd
N/A

DescriptionCVE.org

SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed. This issue was fixed in 6.30@A04.4_u06.

AnalysisAI

SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed.

Technical ContextAI

Classified as CWE-89 (SQL Injection). SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed. This issue was fixed in 6.30@A04.4_u06.

Affected ProductsAI

Component: search.

RemediationAI

Fixed in version 6.30. Use parameterized queries. Implement input validation.

Share

CVE-2026-1198 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy