SQL Injection Vulnerability in WebIncorp ERP by WebIncorp
CVE-2019-25440

8.8HIGH

Key Information:

Vendor: Webincorp
Status: Webincorp Erp
Vendor: CVE Published:; 22 February 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2019-25440?

WebIncorp ERP is susceptible to an SQL injection flaw that enables unauthenticated attackers to manipulate database queries. By injecting malicious SQL code through the 'prod_id' parameter in GET requests to the 'product_detail.php' script, an attacker can extract sensitive information from the database. This vulnerability poses a significant risk, as it can compromise the integrity and confidentiality of the application's data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WebIncorp ERP *

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-25440 - Proof of Concept

References

https://www.exploit-db.com/exploits/47199

exploit

https://www.vulncheck.com/advisories/webincorp-erp-every-...

third-party-advisory

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

🟡
Public PoC available
Feb 22, 2026
👾
Exploit known to exist
Feb 22, 2026
Vulnerability published
Feb 22, 2026
Vulnerability Reserved
Feb 20, 2026

Credit

n1x_ [MS-WEB]

JSON

Webincorp

Badges

What is CVE-2019-25440?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.