Share 
## https://sploitus.com/exploit?id=SAINT:DCEC55C8C6923EFCFBB042637DF3E51C
Added: 10/28/2020  


### Background

[inoERP](<http://inoideas.org/>) is an open source web based enterprise management system. 

### Problem

A vulnerability in the form_personalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the `**template_code**` parameter. 

### Resolution

No fix is available at the time of this writing. Do not use inoERP, or restrict access to the web interface so it is only accessible by trusted users. 

### References

<https://lyhinslab.org/index.php/2020/03/14/inoerp-ab-rce/>  


### Platforms

Linux