CVE-2024-0989 | Sichuan Yougou Technology KuERP up to 1.0.4 Service.php del_sn_db file path traversal

A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: ‘../filedir’.

This vulnerability is handled as CVE-2024-0989. The attack can only be initiated within the local network. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0989 | Sichuan Yougou Technology KuERP up to 1.0.4 Service.php del_sn_db file path traversal

Related Posts

CVE-2024-32138 | KaizenCoders Short URL Plugin up to 1.6.8 on WordPress cross site scripting

CVE-2024-22277 | VMware Cloud Director Availability up to 4.7.1 cross site scripting

CVE-2024-6446 | GitLab up to 17.1.6/17.2.4/17.3.1 URL logic error (Issue 470144)

CVE-2024-0370 | Views for WPForms Plugin up to 3.2.2 on WordPress save_view authorization