Incorrect Access Control in webERP Affects Company Template File
CVE-2018-20420

4.9MEDIUM

Key Information:

Vendor: Weberp
Status: Weberp
Vendor: CVE Published:; 24 December 2018

What is CVE-2018-20420?

In webERP version 4.15, a vulnerability exists in the Z_CreateCompanyTemplateFile.php script due to incorrect access control mechanisms. This allows attackers to manipulate the TemplateName parameter and utilize directory traversal techniques, permitting them to overwrite existing .sql files on the server. This flaw underscores the importance of secure coding practices to prevent unauthorized file access and modification.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/eddietcc/CVEnotes/blob/master/webERP_4...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 24, 2018

JSON

Weberp

What is CVE-2018-20420?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.