First published: Mon Dec 24 2018(Updated: )
In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Weberp Weberp | =4.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.