22 matches found
EUVD-2026-4847
A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the argument barCodes leads ...
PT-2026-5265
A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. The manipulation of the argument path results in path traversal. It...
CVE-2026-1549
CVE-2026-1549 affects jishenghua jshERP up to version 3.6. The vulnerability is a path traversal in PluginController’s uploadPluginConfigFile handling of the configFile argument, with potential remote exploitation. Public exploits exist. External notices (Red Hat, CIRCL, etc.) corroborate the iss...
CVE-2026-1546
A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the argument barCodes leads ...
CVE-2026-1546
CVE-2026-1546 affects jishenghua jshERP up to version 3.6. The vulnerability is an SQL injection in DepotItemMapperEx.getBillItemByParam (file /jshERP-boot/depotItem/importItemExcel) triggered by manipulating the barCodes parameter. It can be exploited remotely and has been publicly disclosed. Re...
CVE-2025-51745
An issue was discovered in jishenghua JSHERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...
EUVD-2025-199651
An issue was discovered in jishenghua JSHERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks...
EUVD-2025-199642
An issue was discovered in jishenghua JSHERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject, introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC payloads...
EUVD-2025-199650
An issue was discovered in jishenghua JSHERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks...
EUVD-2025-199649
An issue was discovered in jishenghua JSHERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...
EUVD-2025-199648
An issue was discovered in jishenghua JSHERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...
CVE-2025-51745
An issue was discovered in jishenghua JSHERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...
CVE-2025-51745
An issue was discovered in jishenghua JSHERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...
CVE-2025-51745
An issue was discovered in jishenghua JSHERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...
PT-2025-48085
An issue was discovered in jishenghua JSH ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...
CVE-2025-51746
An issue was discovered in jishenghua JSHERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...
PT-2025-48083
An issue was discovered in jishenghua JSH ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks...
CVE-2025-51743
An issue was discovered in jishenghua JSHERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks...
CVE-2025-51746
An issue was discovered in jishenghua JSHERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...
PT-2025-48084
An issue was discovered in jishenghua JSH ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...