5 matches found
CVE-2024-24003
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's...
CVE-2024-24003
CVE-2024-24003 affects jshERP v3.3. The vulnerability is a SQL injection in com.jsh.erp.controller.DepotHeadController.findInOutMaterialCount() caused by insufficient filtering of the column and order parameters in safeSqlParse. Exploitation details are not provided in the supplied sources; no ac...
CVE-2024-24004
CVE-2024-24004 affects jshERP v3.3. The vulnerability arises in com.jsh.erp.controller.DepotHeadController.findInOutDetail() where safeSqlParse does not properly filter the column and order parameters, enabling SQL injection by crafting a malicious payload. Impact is described as high/critical (C...
CVE-2024-24001
jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism...
CVE-2024-24001
CVE-2024-24001 affects jshERP v3.3 and is a SQL Injection in the internal API path com.jsh.erp.controller.DepotHeadController.findallocationDetail() via com.jsh.erp.utils.BaseResponseInfo. The vulnerability allows an attacker to craft a malicious payload to bypass protection mechanisms. Impact in...