CVE-2024-0989

Name of the Vulnerable Software and Affected Versions Sichuan Yougou Technology KuERP versions up to 1.0.4

Description A problematic issue has been found, affecting the function del sn db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal, allowing access to files such as '../filedir'. The issue has been publicly disclosed and may be exploited. The vendor was contacted about this disclosure but did not respond.

Recommendations For Sichuan Yougou Technology KuERP versions up to 1.0.4, consider disabling the del sn db function in the /application/index/controller/Service.php file as a temporary workaround until a patch is available. Restrict access to the file argument to minimize the risk of path traversal exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.