A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. The manipulation of the argument App_User_id/App_user_Token leads to improper authentication.
This vulnerability is known as CVE-2024-0988. The attack can only be done within the local network. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.