CVE-2019-25440

Publication date

2026-02-22 13:34:37

Family

VulnCheck

State

PUBLISHED

Description

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET requests to product_detail.php with malicious prod_id values to extract sensitive database information.