| Title | ury-erp ury 0.2.0 SQL Injection |
|---|---|
| Description | URY is an innovative restaurant management system built on top of ERPNext, the world's leading open source ERP. Engineered specifically for the food service industry, URY provides a robust and comprehensive suite of tools to seamlessly manage all aspects of your restaurant. A critical SQL injection vulnerability has been identified in the URY Restaurant Management System's POS (Point of Sale) module. This vulnerability allows unauthenticated or low-privileged attackers to bypass input sanitization and execute arbitrary SQL queries against the backend MariaDB database. Successful exploitation could lead to unauthorized data access, data exfiltration, data modification, or complete database compromise. |
| Source | https://github.com/ictrun/ury-vulns/blob/main/README.md |
| User | ictrun (UID 83482) |
| Submission | 2025-10-28 13:17 (6 months ago) |
| Moderation | 2025-11-14 09:13 (17 days later) |
| Status | Accepted |
| VulDB Entry | 332456 [ury-erp ury up to 0.2.0 pos_extend.py overrided_past_order_list search_term SQL injection] |
| Points | 20 |