CVE-2025-46052: n/a
An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php.
AI Analysis
Technical Summary
CVE-2025-46052 is a critical SQL Injection (SQLi) vulnerability identified in WebERP version 4.15.2. This vulnerability arises from improper input validation in the DEL form field within a POST request to the /StockCounts.php endpoint. An attacker can exploit this flaw by injecting crafted SQL payloads into the DEL parameter, which the application then executes directly against its backend database. This error-based SQLi allows attackers to execute arbitrary SQL commands, enabling them to extract sensitive data, modify or delete database records, and potentially escalate privileges or compromise the entire application environment. The vulnerability is classified under CWE-89, indicating a classic SQL Injection issue. The CVSS v3.1 score of 9.8 (critical) reflects the high impact and ease of exploitation, as the attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and affects confidentiality, integrity, and availability (C:H/I:H/A:H). No known exploits are currently reported in the wild, but the severity and straightforward exploitation method make this a high-risk vulnerability for any organization using the affected WebERP version. WebERP is an open-source web-based ERP system commonly used by small to medium enterprises for financial and inventory management, making the exposure of sensitive business data a significant concern.
Potential Impact
For European organizations using WebERP 4.15.2, this vulnerability poses a substantial risk to business operations and data security. Exploitation could lead to unauthorized disclosure of sensitive financial and inventory data, resulting in potential regulatory non-compliance under GDPR due to data breaches. The integrity of business-critical data could be compromised, leading to incorrect financial reporting, inventory mismanagement, and operational disruptions. Availability impacts could arise if attackers delete or corrupt database records, causing downtime or loss of service. Given the critical nature of the vulnerability and the lack of required authentication, attackers can remotely exploit this flaw without prior access, increasing the risk of widespread attacks. This could also lead to reputational damage and financial losses for affected organizations. Additionally, the extracted data could be leveraged for further attacks, including fraud or corporate espionage, which are significant concerns within the European business context.
Mitigation Recommendations
European organizations should immediately assess their use of WebERP, specifically version 4.15.2, and prioritize patching or upgrading to a version where this vulnerability is fixed once available. In the absence of an official patch, organizations should implement the following mitigations:
1) Apply Web Application Firewall (WAF) rules to detect and block SQL injection attempts targeting the /StockCounts.php endpoint, especially monitoring the DEL parameter in POST requests.
2) Conduct thorough input validation and sanitization on all user-supplied data, particularly the DEL field, to reject or neutralize malicious SQL payloads.
3) Restrict database user permissions to the minimum necessary, preventing the application from executing arbitrary SQL commands beyond its intended scope.
4) Monitor application logs and database query logs for unusual or suspicious activities indicative of SQL injection attempts.
5) Consider isolating the WebERP application in a segmented network zone with strict access controls to limit exposure.
6) Educate development and IT teams on secure coding practices to prevent similar vulnerabilities in future releases.
7) Prepare an incident response plan tailored to data breaches involving ERP systems to respond swiftly if exploitation occurs.
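The following is an added detection example, not code from the advisory or from WebERP: it implements mitigations 2 and 4 on the defender's side by checking logged POSTs to /StockCounts.php for a DEL value that fails an allowlist (after URL-decoding) and for requests to that endpoint that ended in a server error, which is how error-based injection tends to surface. The log format, the 198.51.100.x/203.0.113.x addresses and the assumption that DEL carries a short alphanumeric identifier are all constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Assumption (not from the advisory): the DEL field carries a short identifier
# of letters, digits, '_' or '-'; anything else fails the allowlist.
DEL_ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,40}")

# Constructed log format: one line per request, with the form body appended by
# the reverse proxy / WAF as body=<urlencoded fields>.
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<method>\w+) (?P<path>[^"? ]+)[^"]*" '
    r'(?P<status>\d{3}) body=(?P<body>.*)$'
)

def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into a dict."""
    fields = {}
    for pair in body.split("&"):
        if "=" in pair:
            key, value = pair.split("=", 1)
            fields[unquote_plus(key)] = unquote_plus(value)
    return fields

def analyze(lines):
    """Return (ts, src, reason) tuples for POSTs to /StockCounts.php whose DEL
    value fails the allowlist, or which the backend answered with a 5xx."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["method"] != "POST" or m["path"] != "/StockCounts.php":
            continue
        del_value = parse_form(m["body"]).get("DEL")
        if del_value is not None and not DEL_ALLOWED.fullmatch(del_value):
            findings.append((m["ts"], m["src"], f"non-conforming DEL value {del_value!r}"))
        elif m["status"].startswith("5"):
            findings.append((m["ts"], m["src"], "server error on /StockCounts.php POST"))
    return findings

# Constructed sample: a legitimate request, a URL-encoded probe (a stray quote
# in DEL), an unrelated endpoint, and a request the backend failed to process.
SAMPLE_LOG = [
    '2025-05-20T18:59:06Z 198.51.100.4 "POST /StockCounts.php HTTP/1.1" 200 body=DEL=STK-0042&Submit=Delete',
    '2025-05-20T18:59:20Z 203.0.113.7 "POST /StockCounts.php HTTP/1.1" 200 body=DEL=STK-0042%27&Submit=Delete',
    '2025-05-20T18:59:25Z 203.0.113.7 "POST /Stocks.php HTTP/1.1" 200 body=StockID=STK-0042',
    '2025-05-20T18:59:31Z 203.0.113.7 "POST /StockCounts.php HTTP/1.1" 500 body=DEL=STK-0043&Submit=Delete',
]

if __name__ == "__main__":
    for ts, src, reason in analyze(SAMPLE_LOG):
        print(ts, src, reason)
```

Decoding before the allowlist check matters: a WAF rule that inspects the raw body would see `%27`, not the quote, and an allowlist on the decoded value rejects whatever encoding the probe uses.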
Affected Countries
United Kingdom, Germany, France, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-22T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0fa1484d88663aec42a
Added to database: 5/20/2025, 6:59:06 PM
Last enriched: 7/6/2025, 8:42:53 AM
Last updated: 7/28/2025, 2:35:45 PM