CVE-2024-0989

Summary

A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-252254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
Sichuan Yougou TechnologyKuERP1.0.0affected
Sichuan Yougou TechnologyKuERP1.0.1affected
Sichuan Yougou TechnologyKuERP1.0.2affected
Sichuan Yougou TechnologyKuERP1.0.3affected
Sichuan Yougou TechnologyKuERP1.0.4affected

Weaknesses

  • CWE-24: CWE-24 Path Traversal: '../filedir'

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References