PT-2026-5832 · Weberp · Weberp
Besim Altinok · Published 2026-02-03 · Updated 2026-02-03 · CVE-2020-37082
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
webERP version 4.15.1
Description
An unauthenticated file access issue allows remote attackers to download database backup files. Attackers can directly access generated backup files located in the 'companies/weberp/' directory by requesting the Backup [timestamp].sql.gz file.
Recommendations
For version 4.15.1, restrict access to the 'companies/weberp/' directory to prevent unauthorized downloads of backup files.
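To check whether a backup was already served before the directory was restricted, the following added example (not part of the advisory or of webERP) scans web server access logs for requests to backup archives under 'companies/weberp/'. It assumes common/combined log format; the function name, the loose filename pattern and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Common/combined log format: ip - user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Loose match on the advisory's "Backup [timestamp].sql.gz" name (assumed pattern).
BACKUP_RE = re.compile(r'/companies/weberp/backup[^/]*\.sql\.gz$', re.IGNORECASE)


def find_backup_requests(lines):
    """Return one dict per request for a backup archive, flagging those served."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        # Drop the query string, then percent-decode so encoding cannot hide the name.
        path = unquote(urlsplit(m["target"]).path)
        if not BACKUP_RE.search(path):
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "path": path,
            "status": status,
            # 200/206 means the web server handed the dump (or part of it) over.
            "served": status in (200, 206),
        })
    return hits


# Constructed sample lines (documentation IP ranges, made-up names and timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Feb/2026:10:00:01 +0000] "GET /companies/weberp/Backup_2026-02-03.sql.gz HTTP/1.1" 200 482133 "-" "-"',
    '198.51.100.4 - - [03/Feb/2026:10:05:12 +0000] "GET /companies/weberp/Backup%5F2026.sql.gz?x=1 HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.10 - - [03/Feb/2026:10:06:40 +0000] "GET /companies/weberp/logo.jpg HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [03/Feb/2026:10:06:41 +0000] "GET /index.php HTTP/1.1" 200 7301 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_backup_requests(SAMPLE_LOG):
        verdict = "SERVED" if hit["served"] else "blocked"
        print(f'{hit["time"]} {hit["ip"]} {hit["status"]} {verdict} {hit["path"]}')
```

Any hit with `served` set means the database dump left the server, so credentials and data in that backup should be treated as disclosed. After the restriction is in place, new requests for these files should appear only with 403 or 404 status.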
Exploit
Fix
Files Accessible to External Parties
Weakness Enumeration
Related Identifiers
Affected Products
Weberp