216.73.217.80

CVE-2019-25707

· Published 12/04/2026 13:16 · Modified 13/04/2026 15:01

Labels: CVE-2019-25707 2026-04-12CVE-2019-25707CWE-89[email protected]

Essential information

Published
12/04/2026 13:16
Modified
13/04/2026 15:01
Author
Creator
CVSS
7.1 HIGH (v3) 7.1 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
eBrigade / erp cpe:2.3:a:eBrigade:erp:4.5:*:*:*:*:*:*:*

References