提交 #270901: KuERP KuERP <=1.0.4 Significant information leak信息

标题KuERP KuERP <=1.0.4 Significant information leak
描述The KuERP System, version 1.4.20 and below, has a significant information leak vulnerability. The system saves logs with sensitive data, such as request parameters, into the /runtime/log folder using the date as the file name, which can be directly accessed. This exposed information can potentially be exploited by malicious actors to gain unauthorized access to the system.
来源⚠️ https://note.zhaoj.in/share/mhLwGOcLxYfP
用户
 glzjin (UID 59815)
提交2024-01-21 10時01分 (2 年前)
管理2024-01-28 16時27分 (7 days later)
状态已接受
VulDB条目252252 [Sichuan Yougou Technology KuERP 直到 1.0.4 /runtime/log 权限提升]
积分18

Interested in the pricing of exploits?

See the underground prices here!