Description
In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control: by creating a template and using ../ directory traversal in the TemplateName parameter, an attacker can overwrite an existing .sql file on the target web site.
Remediation
References
Related Vulnerabilities
WordPress Plugin 3D Banner Rotator 'upload.php' Arbitrary File Upload (2.1)
WordPress Plugin Quotes Collection Cross-Site Request Forgery (1.5.5.1)
Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275)
WordPress Plugin Two-Factor Authentication-Clockwork SMS Cross-Site Scripting (1.0.3)