CVSS 4.0 score: 8.6

SIMPLE.ERP search function allows malicious database queries

CVE-2026-1198
Summary

An attacker with an account can use the search function in the 'Obroty na kontach' window to execute unauthorized database queries. This could potentially allow them to access sensitive information. SIMPLE.ERP administrators should update to the latest version ([email protected]_u06) to fix this issue.

Original title
SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the da...
Original description
SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed.
This issue was fixed in [email protected]_u06.
NVD CVSS 4.0: 8.6
Vulnerability type
CWE-89 SQL Injection
Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026