
CVE-2024-42564
https://notcve.org/view.php?id=CVE-2024-42564
20 Aug 2024 — ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete. • https://gist.github.com/topsky979/8ccda41cac32fe781b89c6c0db245ab7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-30076 – ENTAB ERP 1.0 - Username PII leak
https://notcve.org/view.php?id=CVE-2022-30076
10 Apr 2023 — ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting. ENTAB ERP version 1.0 suffers from a username information leak due to a lack of rate limiting. • https://packetstorm.news/files/id/171777 • CWE-307: Improper Restriction of Excessive Authentication Attempts