WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| logicworks | web_erp | * |