CVE-2020-37082

CRITICAL

webERP 4.15.1 - Info Disclosure

Title source: llm

Description

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.

Exploits (1)

exploitdb WRITEUP

by Besim · textwebappsphp

https://www.exploit-db.com/exploits/48420

View Code ZIP pw:eip

References (4)

[Product] http://www.weberp.org

[Product] https://sourceforge.net/projects/web-erp/

[Exploit] https://www.exploit-db.com/exploits/48420

[Third Party Advisory] https://www.vulncheck.com/advisories/weberp-unauthenticated-backup-file-access

Scores

CVSS v3 9.8

EPSS 0.0032

EPSS Percentile 55.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-552

Status published

Products (1)

weberp/weberp 4.15.1

Published Feb 03, 2026

Tracked Since Feb 18, 2026