Security Advisory

CVE-2018-20420

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-12-24 03:00:00

Last updated 2024-09-17 04:24:26

Assigner mitre

State PUBLISHED

Description

In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter.

← Browse all CVEs View on cve.org ↗