WEB APPLICATION VULNERABILITIES Standard & Premium

WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-22474)

Description

In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion.

Remediation

References

Related Vulnerabilities

GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3250)

Oracle JRE CVE-2023-21968 Vulnerability (CVE-2023-21968)

WebLogic Other Vulnerability (CVE-2020-10672)

WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14725)

WordPress Plugin Profiles 'bio-img.php' SQL Injection (2.0RC1)

Severity

Medium

Classification

CVE-2020-22474 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities