Jishenghua

Jsherp

26 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

Exploit
  • EPSS 0.07%
  • Published 28.10.2025 00:00:00
  • Last modified 06.11.2025 18:44:16

Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.

Exploit
  • EPSS 0.19%
  • Published 24.10.2025 00:00:00
  • Last modified 05.11.2025 21:06:25

jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function.

Exploit
  • EPSS 0.05%
  • Published 21.08.2025 00:00:00
  • Last modified 09.09.2025 19:11:54

Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method.

Exploit
  • EPSS 0.05%
  • Published 21.08.2025 00:00:00
  • Last modified 09.09.2025 19:11:44

Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value.

Exploit
  • EPSS 0.05%
  • Published 21.08.2025 00:00:00
  • Last modified 09.09.2025 19:11:37

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

Exploit
  • EPSS 0.05%
  • Published 21.08.2025 00:00:00
  • Last modified 09.09.2025 19:11:20

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

Exploit
  • EPSS 0.05%
  • Published 21.08.2025 00:00:00
  • Last modified 09.09.2025 19:11:30

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.

Exploit
  • EPSS 0.06%
  • Published 11.08.2025 09:32:05
  • Last modified 09.09.2025 19:09:48

A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch th...

Exploit
  • EPSS 0.05%
  • Published 11.08.2025 09:15:30
  • Last modified 09.09.2025 19:00:42

A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exp...

Exploit
  • EPSS 0.04%
  • Published 22.07.2025 01:04:32
  • Last modified 30.07.2025 15:46:05

A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched ...