PT-2024-33801 · Wapro · Wapro Erp Desktop

Published 2024-12-18 · Updated 2025-10-03 · CVE-2024-4996

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Wapro ERP Desktop versions prior to 8.90.0
Description: Wapro ERP installation creates a database administrator account with a hard-coded password. This allows an attacker to retrieve embedded sensitive data stored in the database. The password is the same across all Wapro ERP installations.
Recommendations: For Wapro ERP Desktop versions prior to 8.90.0, update to version 8.90.0 or later to resolve the issue. As a temporary workaround, consider changing the hard-coded password for the database administrator account to a unique and secure password until a patch is applied. Restrict access to the database to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers: CVE-2024-4996

Affected Products: Wapro Erp Desktop