ERP commit 44bd04 was found to have a SQL injection vulnerability by using the id parameter at /index.php/basedata/inventory/delete?motion=delete. This is due to missing enter validation and sanitization to the render https://www.ralantech.com/mysql-database-health-check-consulting-service/