From: Phil D. <ph...@lo...> - 2020-07-22 01:38:35
Gents,

This looks like it is sent as a GET parameter but is not captured by our session cleansing routine? Anyone any ideas?

Phil

-------- Forwarded Message --------
Subject: Re: Vulnerabilities in webERP
Date: Sat, 18 Jul 2020 10:51:14 +0200
From: Mario Riederer <Mar...@gm...>
To: Phil Daintree <ph...@lo...>

Hello Phil,

thanks for your reply :)

I found 2 Cross Site Scripting and 2 SQL Injections in the software. You can find an explanation of the vulnerabilities in the Attachment. Please let me know if you need further help.

Best regards,
Mario

*Sent:* Saturday, 18 July 2020 at 07:22
*From:* "Phil Daintree" <ph...@lo...>
*To:* mar...@gm..., "in...@we..." <in...@we...>
*Subject:* Vulnerabilities in webERP

Hi Mario,

Further to your message to me at Logic Works ... if you could expand on the vulnerabilities please so we can fix.

Many thanks
Phil

--
Phil Daintree
0275 567890