提出 #270901: KuERP KuERP <=1.0.4 Significant information leak情報

タイトルKuERP KuERP <=1.0.4 Significant information leak
説明The KuERP System, version 1.4.20 and below, has a significant information leak vulnerability. The system saves logs with sensitive data, such as request parameters, into the /runtime/log folder using the date as the file name, which can be directly accessed. This exposed information can potentially be exploited by malicious actors to gain unauthorized access to the system.
ソース⚠️ https://note.zhaoj.in/share/mhLwGOcLxYfP
ユーザー
 glzjin (UID 59815)
送信2024年01月21日 10:01 (2 年 ago)
モデレーション2024年01月28日 16:27 (7 days later)
ステータス承諾済み
VulDBエントリ252252 [Sichuan Yougou Technology KuERP 迄 1.0.4 /runtime/log 特権昇格]
ポイント18

Might our Artificial Intelligence support you?

Check our Alexa App!