Dlescos

**Name of the Vulnerable Software and Affected Versions** Openbravo ERP versions prior to 3.0PR19Q1.3 **Description** The issue allows remote authenticated attackers to replace a file on the server. This is achieved via the `getAttachmentDirectoryForNewAttachment` `inpKey` value. **Recommendations** For versions prior to 3.0PR19Q1.3, update to version 3.0PR19Q1.3 or later to resolve the issue.