Gửi #270901: KuERP KuERP <=1.0.4 Significant information leakthông tin

tiêu đềKuERP KuERP <=1.0.4 Significant information leak
Mô tảThe KuERP System, version 1.4.20 and below, has a significant information leak vulnerability. The system saves logs with sensitive data, such as request parameters, into the /runtime/log folder using the date as the file name, which can be directly accessed. This exposed information can potentially be exploited by malicious actors to gain unauthorized access to the system.
Nguồn⚠️ https://note.zhaoj.in/share/mhLwGOcLxYfP
Người dùng
 glzjin (UID 59815)
Đệ trình21/01/2024 10:01 (cách đây 2 những năm)
Kiểm duyệt28/01/2024 16:27 (7 days later)
Trạng tháiđược chấp nhận
Mục VulDB252252 [Sichuan Yougou Technology KuERP đến 1.0.4 /runtime/log nâng cao đặc quyền]
điểm18

Do you need the next level of professionalism?

Upgrade your account now!