WebERP Incorrect Permission Assignment for Critical Resource Vulnerability - CVE-2018-20420 - Vulnerability Database

Medium
Reference: CVE-2018-20420
Title: WebERP Incorrect Permission Assignment for Critical Resource Vulnerability
Overview:

In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, which allows an existing .sql file on the target web site to be overwritten by creating a template and then using ../ directory traversal in the TemplateName parameter.