Ebrigade

ebrigade

Vendor: Ebrigade • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-25707 1Ebrigade 1Ebrigade Apr 17, 2026 Apr 12, 2026 7.1 HIGH· v4 7.1 HIGH· v3 N/A· v2 eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf...Show more eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details.Show less
CVE-2019-16745 1Ebrigade 1Ebrigade Nov 21, 2024 Sep 30, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection.
CVE-2019-16744 1Ebrigade 1Ebrigade Nov 21, 2024 Sep 30, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 eBrigade before 5.0 has evenements.php cid SQL Injection.
CVE-2019-16743 1Ebrigade 1Ebrigade Nov 21, 2024 Sep 30, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 eBrigade before 5.0 has evenement_ical.php evenement SQL Injection.
CVE-2019-9622 1Ebrigade 1Ebrigade Nov 21, 2024 Mar 7, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.