SalesERP 8.1 SQL injection vulnerability


SalesERP 8.1 has SQL injection vulnerability. By inserting SQL command into the Web form submission or entering the query string of domain name or page request, the attacker can eventually cheat the server to execute malicious SQL command.


At present, the manufacturer has issued an upgrade patch to fix the vulnerability.