| Título | ury-erp ury 0.2.0 SQL Injection |
|---|
| Descripción | URY is an innovative restaurant management system built on top of ERPNext, the world's leading open source ERP. Engineered specifically for the food service industry, URY provides a robust and comprehensive suite of tools to seamlessly manage all aspects of your restaurant. A critical SQL injection vulnerability has been identified in the URY Restaurant Management System's POS (Point of Sale) module. This vulnerability allows unauthenticated or low-privileged attackers to bypass input sanitization and execute arbitrary SQL queries against the backend MariaDB database. Successful exploitation could lead to unauthorized data access, data exfiltration, data modification, or complete database compromise. |
|---|
| Fuente | ⚠️ https://github.com/ictrun/ury-vulns/blob/main/README.md |
|---|
| Usuario | ictrun (UID 83482) |
|---|
| Sumisión | 2025-10-28 13:17 (hace 6 meses) |
|---|
| Moderación | 2025-11-14 09:13 (17 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 332456 [ury-erp ury hasta 0.2.0 pos_extend.py overrided_past_order_list search_term inyección SQL] |
|---|
| Puntos | 20 |
|---|