Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WebERP Files or Directories Accessible to External Parties Vulnerability - CVE-2020-37082 - Vulnerability Database
WebERP

WebERP Files or Directories Accessible to External Parties Vulnerability - CVE-2020-37082

High
Reference: CVE-2020-37082
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-37082
Title: WebERP Files or Directories Accessible to External Parties Vulnerability
Overview:

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_timestamp.sql.gz file.