Aggregates CVE and security vulnerability intelligence across all ebrigade-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection and vendor risk path handling, with potential vendor impact data exposure and vendor impact file overwrite across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-25707 | eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details. | [email protected] | 7.1 | 0.03% | 2026-04-12 | 2026-04-17 |
| CVE-2019-16745 | eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. | [email protected] | 8.8 | 0.33% | 2019-09-30 | 2024-11-21 |
| CVE-2019-16744 | eBrigade before 5.0 has evenements.php cid SQL Injection. | [email protected] | 8.8 | 0.33% | 2019-09-30 | 2024-11-21 |
| CVE-2019-16743 | eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. | [email protected] | 8.8 | 0.32% | 2019-09-30 | 2024-11-21 |
| CVE-2019-9622 | eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file. | [email protected] | 4.3 | 3.44% | 2019-03-07 | 2024-11-21 |