Описание
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.
EPSS
Процентиль: 37%
0.00157
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-552
Связанные уязвимости
CVSS3: 9.8
github
4 дня назад
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.
EPSS
Процентиль: 37%
0.00157
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-552