CVE-2020-37082

CRITICAL

webERP 4.15.1 - Info Disclosure

Description

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files. Generated backups are written to the companies/weberp/ directory, and an attacker can retrieve one directly by requesting its Backup_[timestamp].sql.gz file.

Exploits (1)

exploitdb WRITEUP
by Besim · text · webapps · php
https://www.exploit-db.com/exploits/48420

Scores

CVSS v3 9.8
EPSS 0.0027
EPSS Percentile 50.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-552
Status published

Affected Products (1)

weberp/weberp

Timeline

Published Feb 03, 2026
Tracked Since Feb 18, 2026