A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. The manipulation of the argument App_User_id/App_user_Token leads to improper authentication.

This vulnerability is known as CVE-2024-0988. The attack can only be done within the local network. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.