CVE-2019-16894 download.php in inoERP 4.15 allows SQL injection through insecure deserialization. Source: NIST CVE-2019-16894 September 26, 2019 by admin Uncategorized