WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Web_erp |
Logicworks |
* |
0.1.4 (including) |
References