← Voltar para CVEs
CVE-2020-37082
CRITICAL9.8
Descricao
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/3/2026
Ultima modificacao2/11/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
weberp:weberp
Fraquezas (CWE)
CWE-552
Referencias
http://www.weberp.org(disclosure@vulncheck.com)
https://sourceforge.net/projects/web-erp/(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/48420(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/weberp-unauthenticated-backup-file-access(disclosure@vulncheck.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.