CVE-2019-25440
22.02.2026, 14:16
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET requests to product_detail.php with malicious prod_id values to extract sensitive database information.
Awaiting analysis
This vulnerability is currently awaiting analysis.