
CVE-2024-0989: CWE-24 Path Traversal: '../filedir' in Sichuan Yougou Technology KuERP

Severity: Medium
Tags: Vulnerability, CVE-2024-0989, cve, cve-2024-0989, cwe-24
Published: Mon Jan 29 2024 (01/29/2024, 00:31:03 UTC)
Source: CVE Database V5
Vendor/Project: Sichuan Yougou Technology
Product: KuERP

Description

A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-252254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 07/07/2025, 23:43:00 UTC

Technical Analysis

CVE-2024-0989 is a path traversal vulnerability identified in Sichuan Yougou Technology's KuERP software versions 1.0.0 through 1.0.4. The vulnerability exists in the del_sn_db function within the /application/index/controller/Service.php file. Specifically, the issue arises from improper validation of the 'file' argument, which allows an attacker to supply '../filedir' sequences and traverse to directories outside the intended file path. This can lead to unauthorized access to, or deletion of, files on the server. The vulnerability is classified under CWE-24 (Path Traversal: '../filedir'), indicating a failure to properly sanitize user-supplied file paths. The CVSS v3.1 base score is 5.4 (medium severity), with the vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L, meaning the attack requires adjacent network access (e.g., the local network), has low attack complexity, requires no privileges or user interaction, and impacts integrity and availability but not confidentiality. The vendor was notified but did not respond, and no patches or mitigations have been published yet. Although no exploitation in the wild is currently reported, the public disclosure of the vulnerability and its exploitability make it a credible threat. Attackers could leverage this vulnerability to delete or modify critical files, potentially disrupting ERP operations or causing data loss.
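The defect described above is a file-deletion routine that trusts a user-supplied 'file' argument. The following is an added example (not KuERP code, and not a patch for it) showing the general defensive pattern in Python: canonicalise the joined path and verify that it is still inside the permitted base directory before touching the filesystem. The directory layout and file names are constructed for the demo; the same approach maps onto PHP's realpath() for a ThinkPHP controller.

```python
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a user-supplied name resolves outside the allowed directory."""


def resolve_within(base_dir: str, user_path: str) -> str:
    """Return the canonical path of user_path, confined to base_dir.

    os.path.realpath collapses '..' segments and follows symlinks, so the
    containment check runs on what the OS would actually open, not on the raw
    string. os.path.commonpath is used instead of str.startswith so that a
    sibling such as '/srv/sn_db_old' is not mistaken for a child of '/srv/sn_db'.
    """
    base = os.path.realpath(base_dir)
    # An absolute argument would make os.path.join discard base_dir entirely.
    if os.path.isabs(user_path):
        raise PathTraversalError(f"absolute path not allowed: {user_path!r}")
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"path escapes {base!r}: {user_path!r}")
    return candidate


def is_confined(base_dir: str, user_path: str) -> bool:
    """Pure check (no filesystem changes): would user_path stay inside base_dir?"""
    try:
        resolve_within(base_dir, user_path)
        return True
    except PathTraversalError:
        return False


def delete_sn_db_file(base_dir: str, user_path: str) -> bool:
    """Hardened delete: removes only a regular file that lives inside base_dir.

    Returns True when a file was deleted, False when nothing matched, and raises
    PathTraversalError on any attempt to leave base_dir. (Hypothetical name,
    chosen to mirror the vulnerable function; not the vendor's implementation.)
    """
    target = resolve_within(base_dir, user_path)
    if not os.path.isfile(target):
        return False
    os.remove(target)
    return True


def demo() -> dict:
    """Build a constructed directory layout and exercise the check."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "sn_db")
        os.makedirs(base)
        Path(base, "device1.db").write_text("sample")      # legitimate target
        Path(root, "config.php").write_text("sensitive")   # outside base_dir
        results = {}
        results["legit"] = delete_sn_db_file(base, "device1.db")
        results["legit_gone"] = not os.path.exists(os.path.join(base, "device1.db"))
        results["missing"] = delete_sn_db_file(base, "nonexistent.db")
        attempts = {
            "dotdot": "../config.php",
            "absolute": os.path.join(root, "config.php"),
            "nested": "x/../../config.php",   # '..' hidden behind a missing dir
        }
        for label, arg in attempts.items():
            try:
                delete_sn_db_file(base, arg)
                results[label] = "allowed"
            except PathTraversalError:
                results[label] = "blocked"
        results["outside_intact"] = os.path.exists(os.path.join(root, "config.php"))
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two details carry the weight here: the check runs after canonicalisation (so encoded or nested '..' and symlinks are judged by their resolved target), and absolute arguments are rejected before joining, since a join would silently replace the base directory.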

Potential Impact

For European organizations using KuERP, this vulnerability poses a risk to the integrity and availability of their ERP system data. Exploitation could allow attackers to delete or alter files critical to business operations, leading to operational downtime, financial losses, and potential regulatory compliance issues, especially under GDPR if data integrity is compromised. Since KuERP is an enterprise resource planning system, disruption could affect supply chain management, financial reporting, and other core business functions. The medium CVSS score reflects moderate risk, but the lack of vendor response and patches increases exposure. Organizations with KuERP installations accessible over local or adjacent networks are particularly vulnerable. Given the potential for file deletion or modification, attackers could also use this as a foothold to escalate attacks or disrupt services. The absence of confidentiality impact reduces risk of data leakage, but integrity and availability impacts remain significant for business continuity.

Mitigation Recommendations

1. Immediate mitigation should include restricting network access to the KuERP application to trusted hosts only, ideally isolating it within a secure network segment to prevent adjacent network attackers.
2. Implement strict input validation and sanitization on the 'file' parameter at the application level to prevent path traversal sequences such as '../'.
3. Employ web application firewalls (WAFs) with custom rules to detect and block path traversal attempts targeting the del_sn_db function or related endpoints.
4. Regularly monitor application logs for suspicious file path manipulation attempts.
5. If possible, disable or restrict the del_sn_db function until a vendor patch is available.
6. Maintain offline backups of critical ERP data to enable recovery in case of file deletion or corruption.
7. Engage with the vendor or community to track patch releases or unofficial fixes.
8. Conduct penetration testing focused on path traversal to identify other potential vulnerable endpoints.

These steps go beyond generic advice by focusing on network segmentation, application-level filtering, and proactive monitoring tailored to this specific vulnerability and product.
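Steps 3 and 4 above call for detecting traversal attempts in traffic or logs. The following added example (not from the page or the vendor) scans combined-format web server log lines for a watched query parameter whose value, after repeated URL decoding, contains a '..' path segment. The log lines are constructed for the demo, and the request path /index/service/del_sn_db is an assumed route for the controller named in the advisory, not a confirmed one.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample lines in combined log format; not from any real deployment.
SAMPLE_LOG = """\
10.0.0.5 - - [29/Jan/2024:10:00:01 +0000] "GET /index/service/del_sn_db?file=device1.db HTTP/1.1" 200 12 "-" "Mozilla/5.0"
10.0.0.7 - - [29/Jan/2024:10:00:02 +0000] "GET /index/service/del_sn_db?file=../../config/database.php HTTP/1.1" 200 12 "-" "curl/8.0"
10.0.0.7 - - [29/Jan/2024:10:00:03 +0000] "GET /index/service/del_sn_db?file=..%2F..%2Fconfig%2Fdatabase.php HTTP/1.1" 200 12 "-" "curl/8.0"
10.0.0.7 - - [29/Jan/2024:10:00:04 +0000] "GET /index/service/del_sn_db?file=%252e%252e%252fapp.php HTTP/1.1" 200 12 "-" "curl/8.0"
10.0.0.5 - - [29/Jan/2024:10:00:05 +0000] "GET /index/service/del_sn_db?file=backup..old.db HTTP/1.1" 200 12 "-" "Mozilla/5.0"
10.0.0.9 - - [29/Jan/2024:10:00:06 +0000] "GET /index/index/home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# A '..' that forms a whole path segment (either slash style); 'backup..old' does not match.
TRAVERSAL_SEGMENT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """URL-decode until the value stops changing, to catch double encoding."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(raw_value: str) -> bool:
    """True when the decoded value contains a '..' segment or an embedded NUL."""
    decoded = fully_decode(raw_value)
    return bool(TRAVERSAL_SEGMENT.search(decoded)) or "\x00" in decoded


def scan_log(text: str, watched_params=("file",)) -> List[Dict[str, str]]:
    """Return one finding per request whose watched parameter looks like traversal."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        for pair in query.split("&") if query else []:
            key, _, raw = pair.partition("=")
            if unquote(key) not in watched_params:
                continue
            if is_traversal(raw):
                findings.append({
                    "ip": m.group("ip"),
                    "timestamp": m.group("ts"),
                    "path": path,
                    "param": unquote(key),
                    "raw": raw,
                    "decoded": fully_decode(raw),
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['timestamp']} {f['ip']} {f['path']} {f['param']}={f['decoded']!r} (raw {f['raw']!r})")
```

Decoding in a loop matters because a single decode of %252e%252e%252f yields %2e%2e%2f, which a naive substring match for "../" would miss; the segment-anchored regex keeps file names that merely contain two dots from being flagged.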


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2024-01-28T15:27:41.076Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68387d4f182aa0cae28316e8

Added to database: 5/29/2025, 3:29:19 PM

Last enriched: 7/7/2025, 11:43:00 PM

Last updated: 7/29/2025, 2:17:54 PM
