Lucene search
+L

4 matches found

NVD
NVD
added 2024/02/07 12:15 a.m.35 views

CVE-2024-24002

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...

9.8CVSS9.9AI score0.00769EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/02/06 12:0 a.m.14 views

CVE-2024-24002

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...

7.8AI score0.00769EPSS
Exploits1References2
CVE
CVE
added 2024/02/06 12:0 a.m.152 views

CVE-2024-24002

jshERP v3.3 is affected by an SQL injection in the MaterialController.getListWithStock() function. The vulnerability stems from inadequate filtering of the column and order parameters, allowing crafted input to bypass the safeSqlParse protection. No exploitation details are provided in the availa...

9.8CVSS9.8AI score0.00769EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/02/06 12:0 a.m.45 views

CVE-2024-24002

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...

10AI score0.00769EPSS
Exploits1References2
Rows per page
Query Builder