CVE-2019-16894

download.php in inoERP 4.15 allows SQL injection through insecure deserialization.
Source: NIST
CVE-2019-16894