VYPR
Medium severity4.9NVD Advisory· Published Dec 24, 2018· Updated Jun 17, 2026

CVE-2018-20420

CVE-2018-20420

Description

In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter.

Affected products

2
  • Weberp/Weberpinferred2 versions
    =4.15+ 1 more
    • (no CPE)range: =4.15
    • (no CPE)range: = 4.15

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.