Описание
In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:weberp:weberp:4.15:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00256
Низкий
4.9 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 4.9
github
больше 3 лет назад
In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter.
EPSS
Процентиль: 49%
0.00256
Низкий
4.9 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-732