cve/2019/CVE-2019-0370.md

### [CVE-2019-0370](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0370)
![](https://img.shields.io/static/v1?label=Product&message=SAP%20Financial%20Consolidation&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C10.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Others&color=brighgreen)

### Description

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.

### POC

#### Reference
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-0370](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0370)`
			`![](https://img.shields.io/static/v1?label=Product&message=SAP%20Financial%20Consolidation&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3C10.0%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Others&color=brighgreen)`

			`### Description`

			`Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.`

			`### POC`

			`#### Reference`
			`- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050`

			`#### Github`
			`No PoCs found on GitHub currently.`