6 matches found
CVE-2024-24002
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...
Sql injection
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...
CVE-2024-24002
jshERP v3.3 is affected by an SQL injection in the MaterialController.getListWithStock() function. The vulnerability stems from inadequate filtering of the column and order parameters, allowing crafted input to bypass the safeSqlParse protection. No exploitation details are provided in the availa...
CVE-2024-24002
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...
CVE-2024-24002
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...
PT-2024-20228 · Jsherp · Jsherp
Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue is related to SQL Injection. The com.jsh.erp.controller.MaterialController, specifically the getListWithStock function, does not properly filter the column and order parameters, allowing an attacker t...