## https://sploitus.com/exploit?id=SAINT:DCEC55C8C6923EFCFBB042637DF3E51C
Added: 10/28/2020
### Background
[inoERP](<http://inoideas.org/>) is an open source web based enterprise management system.
### Problem
A vulnerability in the form_personalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the `**template_code**` parameter.
### Resolution
No fix is available at the time of this writing. Do not use inoERP, or restrict access to the web interface so it is only accessible by trusted users.
### References
<https://lyhinslab.org/index.php/2020/03/14/inoerp-ab-rce/>
### Platforms
Linux