Vulnerability Details CVE-2018-20420
In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.6%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 5.5
References