Search criteria
5 vulnerabilities by ebrigade
CVE-2019-25707 (GCVE-0-2019-25707)
Vulnerability from cvelistv5 – Published: 2026-04-12 12:28 – Updated: 2026-04-13 17:28
VLAI
Title
eBrigade ERP 4.5 SQL Injection via pdf.php
Summary
eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46117 | exploit |
| https://ebrigade.net/ | product |
| https://netcologne.dl.sourceforge.net/project/ebr… | product |
| https://www.vulncheck.com/advisories/ebrigade-erp… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ebrigade | eBrigade ERP |
Affected:
4.5
|
Date Public
2019-01-10 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25707",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T17:28:29.236848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T17:28:35.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "eBrigade ERP",
"vendor": "Ebrigade",
"versions": [
{
"status": "affected",
"version": "4.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2019-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the \u0027id\u0027 parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the \u0027id\u0027 parameter to extract sensitive database information including table names and schema details."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-12T12:28:52.833Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46117",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46117"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://ebrigade.net/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://netcologne.dl.sourceforge.net/project/ebrigade/ebrigade/eBrigade%204.5/ebrigade_4.5.zip"
},
{
"name": "VulnCheck Advisory: eBrigade ERP 4.5 SQL Injection via pdf.php",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/ebrigade-erp-sql-injection-via-pdf-php"
}
],
"title": "eBrigade ERP 4.5 SQL Injection via pdf.php",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25707",
"datePublished": "2026-04-12T12:28:52.833Z",
"dateReserved": "2026-04-12T12:13:51.215Z",
"dateUpdated": "2026-04-13T17:28:35.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-16745 (GCVE-0-2019-16745)
Vulnerability from cvelistv5 – Published: 2019-09-30 12:14 – Updated: 2024-08-05 01:24
VLAI
Summary
eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://sourceforge.net/projects/ebrigade/files/ | x_refsource_MISC |
| https://packetstormsecurity.com/files/154624/eBri… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/projects/ebrigade/files/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-30T12:14:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/projects/ebrigade/files/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/projects/ebrigade/files/",
"refsource": "MISC",
"url": "https://sourceforge.net/projects/ebrigade/files/"
},
{
"name": "https://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16745",
"datePublished": "2019-09-30T12:14:21.000Z",
"dateReserved": "2019-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:47.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16744 (GCVE-0-2019-16744)
Vulnerability from cvelistv5 – Published: 2019-09-30 12:13 – Updated: 2024-08-05 01:24
VLAI
Summary
eBrigade before 5.0 has evenements.php cid SQL Injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://sourceforge.net/projects/ebrigade/files/ | x_refsource_MISC |
| https://packetstormsecurity.com/files/154624/eBri… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/projects/ebrigade/files/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eBrigade before 5.0 has evenements.php cid SQL Injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-30T12:13:44.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/projects/ebrigade/files/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eBrigade before 5.0 has evenements.php cid SQL Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/projects/ebrigade/files/",
"refsource": "MISC",
"url": "https://sourceforge.net/projects/ebrigade/files/"
},
{
"name": "https://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16744",
"datePublished": "2019-09-30T12:13:44.000Z",
"dateReserved": "2019-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:47.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16743 (GCVE-0-2019-16743)
Vulnerability from cvelistv5 – Published: 2019-09-30 12:06 – Updated: 2024-08-05 01:24
VLAI
Summary
eBrigade before 5.0 has evenement_ical.php evenement SQL Injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://sourceforge.net/projects/ebrigade/files/ | x_refsource_MISC |
| http://packetstormsecurity.com/files/154624/eBrig… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/projects/ebrigade/files/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eBrigade before 5.0 has evenement_ical.php evenement SQL Injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-30T12:06:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/projects/ebrigade/files/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eBrigade before 5.0 has evenement_ical.php evenement SQL Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/projects/ebrigade/files/",
"refsource": "MISC",
"url": "https://sourceforge.net/projects/ebrigade/files/"
},
{
"name": "http://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154624/eBrigade-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16743",
"datePublished": "2019-09-30T12:06:27.000Z",
"dateReserved": "2019-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:48.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9622 (GCVE-0-2019-9622)
Vulnerability from cvelistv5 – Published: 2019-03-07 05:00 – Updated: 2024-08-04 21:54
VLAI
Summary
eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46109 | exploitx_refsource_EXPLOIT-DB |
| https://sourceforge.net/p/ebrigade/code/5912/ | x_refsource_MISC |
| https://pentest.com.tr/exploits/Brigade-ERP-4-5-D… | x_refsource_MISC |
Date Public
2019-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46109",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46109"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/ebrigade/code/5912/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pentest.com.tr/exploits/Brigade-ERP-4-5-Database-Backup-Disclosure-via-AFD.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-07T05:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46109",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46109"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/ebrigade/code/5912/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pentest.com.tr/exploits/Brigade-ERP-4-5-Database-Backup-Disclosure-via-AFD.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46109",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46109"
},
{
"name": "https://sourceforge.net/p/ebrigade/code/5912/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/ebrigade/code/5912/"
},
{
"name": "https://pentest.com.tr/exploits/Brigade-ERP-4-5-Database-Backup-Disclosure-via-AFD.html",
"refsource": "MISC",
"url": "https://pentest.com.tr/exploits/Brigade-ERP-4-5-Database-Backup-Disclosure-via-AFD.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9622",
"datePublished": "2019-03-07T05:00:00.000Z",
"dateReserved": "2019-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:45.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}