Отправить #270901: KuERP KuERP <=1.0.4 Significant information leakИнформация

НазваниеKuERP KuERP <=1.0.4 Significant information leak
ОписаниеThe KuERP System, version 1.4.20 and below, has a significant information leak vulnerability. The system saves logs with sensitive data, such as request parameters, into the /runtime/log folder using the date as the file name, which can be directly accessed. This exposed information can potentially be exploited by malicious actors to gain unauthorized access to the system.
Источник⚠️ https://note.zhaoj.in/share/mhLwGOcLxYfP
Пользователь
 glzjin (UID 59815)
Представление21.01.2024 10:01 (2 лет назад)
Модерация28.01.2024 16:27 (7 days later)
Статуспринято
Запись VulDB252252 [Sichuan Yougou Technology KuERP до 1.0.4 /runtime/log эскалация привилегий]
Баллы18

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!