CNNVD-202601-1803 Information
CNNVD ID
CNNVD-202601-1803
Related CVE
- CNNVD Published: 2026-01-12
Description (Chinese)
WebErpMesv2是Kevin个人开发者的一个面向工业的资源管理和制造的Web系统。 WebErpMesv2 1.19之前版本存在访问控制错误漏洞,该漏洞源于多个敏感API端点未使用身份验证中间件,可能导致未经身份验证的远程攻击者读取关键业务数据。
Description (English)
WebErpMesv2 is an industry-oriented Web-based resource management and manufacturing system for Kevin’s personal developers. The previous version of WebErpMesv2 1.19 had an access control error loophole, which stemmed from the fact that multiple sensitive API endpoints did not use authentication intermediates and could lead to unidentified remote assailants reading key operational data.
Hazard Level
Medium
Vulnerability Type
访问控制错误
Affected Vendor
个人开发者
Published
2026-01-12
Last Modified
2026-02-24
References
https://github.com/SMEWebify/WebErpMesv2/commit/3a7ab1c95d1d1c8f7c62c84bc87b3666ecd2fa23 https://github.com/SMEWebify/WebErpMesv2/security/advisories/GHSA-pp68-5pc2-hv7w
Patch
https://github.com/SMEWebify/WebErpMesv2/releases
Share on: