ebrigade 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection and パス処理の欠陥 があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact data exposure and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2019-25707 | eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details. | [email protected] | 7.1 | 0.03% | 2026-04-12 | 2026-04-17 |
| CVE-2019-16745 | eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. | [email protected] | 8.8 | 0.33% | 2019-09-30 | 2024-11-21 |
| CVE-2019-16744 | eBrigade before 5.0 has evenements.php cid SQL Injection. | [email protected] | 8.8 | 0.33% | 2019-09-30 | 2024-11-21 |
| CVE-2019-16743 | eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. | [email protected] | 8.8 | 0.32% | 2019-09-30 | 2024-11-21 |
| CVE-2019-9622 | eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file. | [email protected] | 4.3 | 3.44% | 2019-03-07 | 2024-11-21 |