Jishenghua

Jsherp

29 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.4%
  • Published 11.08.2025 09:32:05
  • Last modified 29.04.2026 01:00:01

A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch th...

Exploit
  • EPSS 0.3%
  • Published 11.08.2025 09:15:30
  • Last modified 29.04.2026 01:00:01

A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exp...

Exploit
  • EPSS 0.36%
  • Published 22.07.2025 01:04:32
  • Last modified 29.04.2026 01:00:01

A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched ...

Exploit
  • EPSS 0.36%
  • Published 22.07.2025 00:32:05
  • Last modified 29.04.2026 01:00:01

A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible ...

Exploit
  • EPSS 0.57%
  • Published 14.07.2025 03:02:05
  • Last modified 29.04.2026 01:00:01

A vulnerability has been found in jshERP up to 3.5 and classified as critical. This vulnerability affects the function exportExcelByParam of the file /src/main/java/com/jsh/erp/controller/SystemConfigController.java. The manipulation of the argument ...

Exploit
  • EPSS 0.8%
  • Published 08.02.2024 02:15:07
  • Last modified 08.05.2025 19:15:58

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker ca...

Exploit
  • EPSS 0.68%
  • Published 07.02.2024 00:15:56
  • Last modified 15.05.2025 20:15:45

jshERP v3.3 is vulnerable to SQL Injection via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's pr...

Exploit
  • EPSS 0.68%
  • Published 07.02.2024 00:15:56
  • Last modified 21.11.2024 08:58:48

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can const...

Exploit
  • EPSS 0.77%
  • Published 07.02.2024 00:15:56
  • Last modified 21.11.2024 08:58:48

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can const...