Erp
Monthly
Document Management System versions up to 600 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).
Unauthenticated attackers can manipulate unvalidated URL parameters in S4core, Document Management System, and ERP applications to redirect users to malicious websites, potentially compromising user credentials or distributing malware. The vulnerability requires user interaction to exploit and has limited impact on confidentiality and integrity, with no availability impact. No patch is currently available.
jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the set_password function in application/controllers/home.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Document Management System versions up to 600 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).
Unauthenticated attackers can manipulate unvalidated URL parameters in S4core, Document Management System, and ERP applications to redirect users to malicious websites, potentially compromising user credentials or distributing malware. The vulnerability requires user interaction to exploit and has limited impact on confidentiality and integrity, with no availability impact. No patch is currently available.
jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the set_password function in application/controllers/home.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.