CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-08 06:06:44 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
dc3bd6cd71a486f862e7cf4da52fce4cfeb10e52
CVEs-PoC/2018/CVE-2018-20420.md
T
0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00

729 B
Raw Blame History

CVE-2018-20420

Description

In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter.

POC

Reference

No PoCs from references.

Github

Reference in New Issue View Git Blame Copy Permalink