CNNVD-202602-228 Information
CNNVD ID
CNNVD-202602-228
Related CVE
- CNNVD Published: 2026-02-03
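Description (translated from Chinese)
webERP is an open-source purchasing, sales, inventory and financial management system (ERP system) by individual developer Tim Schofield. The system supports inventory management, permission and role management, order management and financial management. webERP version 4.15.1 contains a security vulnerability that stems from unauthenticated file access: an attacker can directly request Backup_[timestamp].sql.gz files, which may result in database backup files being downloaded.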
Description (English)
webERP is an open-source purchasing, sales, inventory and financial management (ERP) system developed by individual developer Tim Schofield. The system supports inventory management, permission and role management, order management and financial management. webERP version 4.15.1 contains a security vulnerability that stems from unauthenticated file access: attackers can directly request Backup_[timestamp].sql.gz files, which could result in database backup files being downloaded.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2026-02-03
Last Modified
2026-02-24
References
http://www.weberp.org
https://sourceforge.net/projects/web-erp/
https://www.exploit-db.com/exploits/48420
https://www.vulncheck.com/advisories/weberp-unauthenticated-backup-file-access
Patch
https://github.com/timschofield/webERP/releases