# Exploit Title: webERP 4.15.1 - Unauthenticated Backup File Access  
# Date: 2020-05-01  
# Author: Besim ALTINOK  
# Vendor Homepage:  
# Software Link:  
# Version: v4.15.1  
# Tested on: Xampp  
# Credit: İsmail BOZKURT  
About Software:  
webERP is a complete web-based accounting and business management system  
that requires only a web-browser and pdf reader to use. It has a wide range  
of features suitable for many businesses particularly distributed  
businesses in wholesale, distribution, and manufacturing.  
PoC Unauthenticated Backup File Access  
1- This file generates new Backup File:  
2- Someone can download the backup file from: