Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Mar 5, 2026

webERP 4.15.1 - Unauthenticated Backup File Access

CVE-2020-37082

Description

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.

Affected products

Weberp/Weberpllm-fuzzy2 versions
= 4.15.1+ 1 more
- (no CPE)range: = 4.15.1
- (no CPE)range: 4.15.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/48420mitreexploit
www.vulncheck.com/advisories/weberp-unauthenticated-backup-file-accessmitrethird-party-advisory
www.weberp.orgmitreproduct
sourceforge.net/projects/web-erp/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000