| 제목 | KuERP KuERP <=1.0.4 Significant information leak |
|---|
| 설명 | The KuERP System, version 1.4.20 and below, has a significant information leak vulnerability. The system saves logs with sensitive data, such as request parameters, into the /runtime/log folder using the date as the file name, which can be directly accessed. This exposed information can potentially be exploited by malicious actors to gain unauthorized access to the system. |
|---|
| 원천 | ⚠️ https://note.zhaoj.in/share/mhLwGOcLxYfP |
|---|
| 사용자 | glzjin (UID 59815) |
|---|
| 제출 | 2024. 01. 21. AM 10:01 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 01. 28. PM 04:27 (7 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 252252 [Sichuan Yougou Technology KuERP 까지 1.0.4 /runtime/log 권한 상승] |
|---|
| 포인트들 | 18 |
|---|