CVE-2020-37082
Unauthenticated File Access in webERP 4.15.1 Allows Backup Download
Publication date: 2026-02-03
Last updated on: 2026-02-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| weberp | weberp | 4.15.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
webERP version 4.15.1 has a security flaw that allows anyone on the internet to access and download database backup files without needing to log in or authenticate.
Specifically, attackers can directly request backup files named in the format Backup_[timestamp].sql.gz located in the companies/weberp/ directory, gaining access to sensitive data stored in these backups.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive company data contained in the database backups.
Attackers can download these backups remotely without any authentication, potentially exposing confidential business information, customer data, and other critical information.
Such exposure can result in data breaches, financial loss, reputational damage, and further exploitation by malicious actors.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know