cve/2019/CVE-2019-7755.md

### [CVE-2019-7755](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7755)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.

### POC

#### Reference
- https://www.exploit-database.net/?id=101060
- https://www.exploit-db.com/exploits/46431/

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-7755](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7755)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.`

			`### POC`

			`#### Reference`
			`- https://www.exploit-database.net/?id=101060`
			`- https://www.exploit-db.com/exploits/46431/`

			`#### Github`
			`No PoCs found on GitHub currently.`