3 matches found
CVE-2024-24003
creationtimestamp| type| source ---|---|--- 2024-02-08 03:31:43+00:00| seen| https://t.me/ctinow/181134 2024-03-02 08:36:55+00:00| seen| https://t.me/ctinow/198269...
CVE-2024-24003
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's...
CVE-2024-24003
CVE-2024-24003 affects jshERP v3.3. The vulnerability is a SQL injection in com.jsh.erp.controller.DepotHeadController.findInOutMaterialCount() caused by insufficient filtering of the column and order parameters in safeSqlParse. Exploitation details are not provided in the supplied sources; no ac...