CVE-2019-16894
download.php in inoERP 4.15 allows SQL injection through insecure deserialization.
9.8CVSS
9.8AI Score
0.003EPSS
CVE-2020-28870
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.
9.6AI Score
0.014EPSS