CVE-2023-24788
Published 2023-03-23
CVE-2023-24788: NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.
Priority P358 | high | 8.8 | CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 3.09% (86.1th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| notrinos | notrinos-erp | 0 – 0.7 | — |
| notrinos | notrinoserp | — | — |
OSV
NotrinosERP vulnerable to SQL Injection
osv·2023-03-23
CVE-2023-24788 [HIGH] NotrinosERP vulnerable to SQL Injection
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at `/NotrinosERP/sales/customer_delivery.php`.
GHSA
NotrinosERP vulnerable to SQL Injection
ghsa·2023-03-23
CVE-2023-24788 [HIGH] CWE-89 NotrinosERP vulnerable to SQL Injection
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at `/NotrinosERP/sales/customer_delivery.php`.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/171804/NotrinosERP-0.7-SQL-Injection.html
https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md
https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.py
https://github.com/arvandy/CVE/blob/main/NotrinosERP/POC.md
https://github.com/notrinos/NotrinosERP
2023-03-23: Published