Submeter #270901: KuERP KuERP <=1.0.4 Significant information leakinformação

TítuloKuERP KuERP <=1.0.4 Significant information leak
DescriçãoThe KuERP System, version 1.4.20 and below, has a significant information leak vulnerability. The system saves logs with sensitive data, such as request parameters, into the /runtime/log folder using the date as the file name, which can be directly accessed. This exposed information can potentially be exploited by malicious actors to gain unauthorized access to the system.
Fonte⚠️ https://note.zhaoj.in/share/mhLwGOcLxYfP
Utilizador
 glzjin (UID 59815)
Submissão21/01/2024 10h01 (há 2 anos)
Moderação28/01/2024 16h27 (7 days later)
EstadoAceite
Entrada VulDB252252 [Sichuan Yougou Technology KuERP até 1.0.4 /runtime/log Elevação de Privilégios]
Pontos18

Might our Artificial Intelligence support you?

Check our Alexa App!