Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WebErpMesv2 allows unauthenticated API Access
Vulnerability Description
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies, quotes, orders, tasks, and whiteboards. Limited write access allows creation of company records and full manipulation of collaboration whiteboards. This vulnerability is fixed in 1.19.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
WebErpMesv2 访问控制错误漏洞
Vulnerability Description
WebErpMesv2是Kevin个人开发者的一个面向工业的资源管理和制造的Web系统。 WebErpMesv2 1.19之前版本存在访问控制错误漏洞,该漏洞源于多个敏感API端点未使用身份验证中间件,可能导致未经身份验证的远程攻击者读取关键业务数据。
CVSS Information
N/A
Vulnerability Type
N/A