Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
webERP 4.15.1 - Unauthenticated Backup File Access
Vulnerability Description
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对外部实体的文件或目录可访问
Vulnerability Title
webERP 安全漏洞
Vulnerability Description
webERP是Tim Schofield个人开发者的一套开源的进销存与财务管理系统(ERP系统)。该系统支持库存管理、权限角色管理、订单管理和财务管理等。 webERP 4.15.1版本存在安全漏洞,该漏洞源于未经验证的文件访问漏洞,攻击者可直接请求Backup_[timestamp].sql.gz文件,可能导致数据库备份文件被下载。
CVSS Information
N/A
Vulnerability Type
N/A