webERP 4.15.1 - Unauthenticated Backup File Access

ID: 102928
CVE: None
Download vulnerable application: None
# Exploit Title: 
# Date: 2020-05-01
# Author: Besim ALTINOK
# Vendor Homepage:
# Software Link:
# Version: v4.15.1
# Tested on: Xampp
# Credit: ─░smail BOZKURT

About Software:

webERP is a complete web-based accounting and business management system
that requires only a web-browser and pdf reader to use. It has a wide range
of features suitable for many businesses particularly distributed
businesses in wholesale, distribution, and manufacturing.

PoC Unauthenticated Backup File Access

1- This file generates new Backup File:
2- Someone can download the backup file from:
1-4-2 (www01)