Отправить #270934: KuERP KuERP <=1.0.4 Post-Authentication Arbitrary File DeletionИнформация

НазваниеKuERP KuERP <=1.0.4 Post-Authentication Arbitrary File Deletion
ОписаниеThe KuERP System version ≤1.0.4 has a Post-Authentication Arbitrary File Deletion vulnerability in the /application/index/controller/Service.php file. Specifically, the 'del_sn_db' function inappropriately accepts and processes the 'file' parameter, which can be exploited by an authenticated attacker to delete any file on the system, including critical ones like 'index.php', by sending a specially crafted HTTP POST request.
Источник⚠️ https://note.zhaoj.in/share/XKxaJTphW6PB
Пользователь
 glzjin (UID 59815)
Представление21.01.2024 12:10 (2 лет назад)
Модерация28.01.2024 16:27 (7 days later)
Статуспринято
Запись VulDB252254 [Sichuan Yougou Technology KuERP до 1.0.4 Service.php del_sn_db Файл]
Баллы20

Interested in the pricing of exploits?

See the underground prices here!