CVE-2025-9339

by Fred · 21/10/2025

SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP software allows logged-in user a malicious query injection. Potential exploitation is limited by the 20-character limit in form fields. Identified use case allows to delete tables with a name of maximum 6 characters. We weren’t able to identify a way to exfiltrate data within query character limit.

This issue affects SIMPLE.ERP in versions before 6.30@a04.3.

More information : https://cert.pl/en/posts/2025/10/CVE-2025-9339/

CVE-2025-9339

Similar

Recent Posts

Categories

CVE-2025-9339

Share this:

Similar

Recent Posts

Categories

Tags