VulDBCVELIST:CVE-2024-0989CVE-2024-0989 Sichuan Yougou Technology KuERP Service.php del_sn_db path traversal
4.8 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:P/A:P
5.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
9.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.3%
A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: ‘…/filedir’. The exploit has been disclosed to the public and may be used. VDB-252254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CNA Affected
[
{
"vendor": "Sichuan Yougou Technology",
"product": "KuERP",
"versions": [
{
"version": "1.0.0",
"status": "affected"
},
{
"version": "1.0.1",
"status": "affected"
},
{
"version": "1.0.2",
"status": "affected"
},
{
"version": "1.0.3",
"status": "affected"
},
{
"version": "1.0.4",
"status": "affected"
}
]
}
]Related
4.8 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:P/A:P
5.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
9.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.3%