WebErpMesv2, a Resource Management and Manufacturing execution system for industry, contains a critical vulnerability prior to version 1.19. The application exposes multiple sensitive API endpoints without authentication middleware, allowing unauthenticated remote attackers to access business-critical data including companies, quotes, orders, tasks, and whiteboards. Attackers also have limited write access to create company records and manipulate collaboration whiteboards. This represents a significant security risk for manufacturing and industrial organizations using this system. The vulnerability has been addressed in version 1.19.