Soumettre #270901: KuERP KuERP <=1.0.4 Significant information leakinformation

TitreKuERP KuERP <=1.0.4 Significant information leak
DescriptionThe KuERP System, version 1.4.20 and below, has a significant information leak vulnerability. The system saves logs with sensitive data, such as request parameters, into the /runtime/log folder using the date as the file name, which can be directly accessed. This exposed information can potentially be exploited by malicious actors to gain unauthorized access to the system.
La source⚠️ https://note.zhaoj.in/share/mhLwGOcLxYfP
Utilisateur
 glzjin (UID 59815)
Soumission21/01/2024 10:01 (il y a 2 ans)
Modérer28/01/2024 16:27 (7 days later)
StatutAccepté
Entrée VulDB252252 [Sichuan Yougou Technology KuERP jusqu’à 1.0.4 /runtime/log élévation de privilèges]
Points18

Do you know our Splunk app?

Download it now for free!