MidnightBSD

Advisories for nuserp

CVE-2024-44756

NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin.

Products Affected

Vendor Product Version
nuserp nus-m9_erp 3.0.0
CVE-2024-44757

An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.

Products Affected

Vendor Product Version
nuserp nus-m9_erp 3.0.0
CVE-2024-44758

An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files.

Products Affected

Vendor Product Version
nuserp nus-m9_erp 3.0.0
CVE-2024-44759

An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.

Products Affected

Vendor Product Version
nuserp nus-m9_erp 3.0.0