Ebrigade: >> Ebrigade Security Vulnerabilities
eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-04-12
eBrigade before 5.0 has evenement_ical.php evenement SQL Injection.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-09-30
eBrigade before 5.0 has evenements.php cid SQL Injection.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-09-30
eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-09-30
eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.
CVSS Score
4.3
EPSS Score
0.034
Published
2019-03-07