Submit #270901: KuERP KuERP <=1.0.4 Significant information leakinfo

TitleKuERP KuERP <=1.0.4 Significant information leak
DescriptionThe KuERP System, version 1.4.20 and below, has a significant information leak vulnerability. The system saves logs with sensitive data, such as request parameters, into the /runtime/log folder using the date as the file name, which can be directly accessed. This exposed information can potentially be exploited by malicious actors to gain unauthorized access to the system.
Source⚠️ https://note.zhaoj.in/share/mhLwGOcLxYfP
User
 glzjin (UID 59815)
Submission01/21/2024 10:01 (2 years ago)
Moderation01/28/2024 16:27 (7 days later)
StatusAccepted
VulDB entry252252 [Sichuan Yougou Technology KuERP up to 1.0.4 /runtime/log neutralization for logs]
Points18

Do you want to use VulDB in your project?

Use the official API to access entries easily!