ГлавнаяУязвимости → CVE-2020-37082
9.8критическая

CVE-2020-37082

Описание

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.

Затрагиваемое ПО
Weberp Weberp
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
http://www.weberp.orghttps://sourceforge.net/projects/web-erp/https://www.exploit-db.com/exploits/48420https://www.vulncheck.com/advisories/weberp-unauthenticated-backup-file-access