cve/CVE-2018-20420.md at 7482ec4521a75dd13882dc1283f17009c936e974

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter.

POC

Reference

No PoCs from references.

Github

https://github.com/0xUhaw/CVE-Bins
https://github.com/eddietcc/CVEnotes

729 B Raw Blame History

CVE-2018-20420

Description

POC

Reference

Github

729 B

Raw Blame History