CVE-2020-37082 HIGH

CVE-2020-37082: webERP 4.15.1 - Unauthenticated Backup File Access

Vendor Weberp

Product webERP

Weakness CWE-552 · Files accessible externally

Published February 3, 2026

Last update March 5, 2026

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.

Key dates

02Disclosure timeline

February 3, 2026 CVE published

March 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-37082

Related vulnerabilities

CVE-2020-37082: webERP 4.15.1 - Unauthenticated Backup File Access

01Description

02Disclosure timeline

03References

04Related CVE