Openbravo · Openbravo Erp · CVE-2019-14362
**Name of the Vulnerable Software and Affected Versions**
Openbravo ERP versions prior to 3.0PR19Q1.3
**Description**
The issue allows remote authenticated attackers to replace a file on the server. This is achieved via the `getAttachmentDirectoryForNewAttachment` `inpKey` value.
**Recommendations**
For versions prior to 3.0PR19Q1.3, update to version 3.0PR19Q1.3 or later to resolve the issue.