11 matches found
CVE-2024-24001
jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism...
CVE-2024-24003
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's...
CVE-2024-24003
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's...
CVE-2024-24003
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's...
CVE-2024-24004
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...
CVE-2024-24001
jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism...
CVE-2024-24004
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...
CVE-2024-24001
jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism...
Sql injection
jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism...
Sql injection
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...
PT-2024-20227 · Jsherp · Jsherp
Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue allows an attacker to construct a malicious payload to bypass the protection mechanism of jshERP via the com.jsh.erp.controller.DepotHeadController and the findallocationDetail function of...