Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.Referenceshttps://www.exploit-db.com/exploits/46118/https://github.com/EmreOvunc/OpenSource-ERP-SQL-Injection
