Enviar #270901: KuERP KuERP <=1.0.4 Significant information leakinformación

TítuloKuERP KuERP <=1.0.4 Significant information leak
DescripciónThe KuERP System, version 1.4.20 and below, has a significant information leak vulnerability. The system saves logs with sensitive data, such as request parameters, into the /runtime/log folder using the date as the file name, which can be directly accessed. This exposed information can potentially be exploited by malicious actors to gain unauthorized access to the system.
Fuente⚠️ https://note.zhaoj.in/share/mhLwGOcLxYfP
Usuario
 glzjin (UID 59815)
Sumisión2024-01-21 10:01 (hace 2 años)
Moderación2024-01-28 16:27 (7 days later)
EstadoAceptado
Entrada de VulDB252252 [Sichuan Yougou Technology KuERP hasta 1.0.4 /runtime/log escalada de privilegios]
Puntos18

Interested in the pricing of exploits?

See the underground prices here!