CVE-2020-37082

CRITICAL

webERP 4.15.1 - Unauthenticated Database Backup File Access

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37082. PoCs published by Besim.

AI-analyzed exploit summary: This is a writeup describing an unauthenticated backup file access vulnerability in webERP 4.15.1. It explains how an attacker can generate and download backup files without authentication.

Description

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.

Exploits (1)

exploitdb WRITEUP
by Besim · text · webapps · php
https://www.exploit-db.com/exploits/48420


Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: webERP v4.15.1
No auth needed
Prerequisites: Access to the target webERP instance
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0054
EPSS Percentile 41.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-552
Status published
Products (1) weberp/weberp 4.15.1
Published Feb 03, 2026
Tracked Since Feb 18, 2026