CVE-2025-9339 – SQL Injection in SIMPLE.ERP

CVE ID : CVE-2025-9339

Published : Oct. 21, 2025, 2:15 p.m. | 26 minutes ago

Description : SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP software allows logged-in user to send a payload of up to 20 characters. Identified use case allows to delete tables with a name of maximum 6 characters. We weren’t able to identify a way to exfiltrate data within query character limit.

This issue affects SIMPLE.ERP in versions before 6.30@a04.3.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…