Lucene search
K

6 matches found

Prion
Prion
added 2024/02/07 12:15 a.m.18 views

Sql injection

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...

7.5CVSS8.2AI score0.00769EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/06 12:0 a.m.149 views

CVE-2024-24002

jshERP v3.3 is affected by an SQL injection in the MaterialController.getListWithStock() function. The vulnerability stems from inadequate filtering of the column and order parameters, allowing crafted input to bypass the safeSqlParse protection. No exploitation details are provided in the availa...

9.8CVSS9.8AI score0.00769EPSS
Exploits1References2Affected Software1
GithubExploit
GithubExploit
added 2024/01/12 8:40 a.m.44 views

There are 4 sql injection vulnerabilities and 1 file upload vulnerability in jshERP v3.3

public static String safeSqlParseString originStr re...

7.5AI score
Exploits0
Prion
Prion
added 2023/11/30 10:15 p.m.13 views

Improper access control

Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function...

4CVSS6.5AI score0.00621EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/11/30 12:0 a.m.31 views

CVE-2023-48894

The CVE-2023-48894 entry concerns jshERP v3.3 and is caused by incorrect access control in the doFilter function, enabling attackers to obtain sensitive information. Affected software: jshERP 3.3. Documented impact is information disclosure without exploitation details. Remediation guidance from ...

6.5CVSS6.2AI score0.00621EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/11/30 12:0 a.m.19 views

CVE-2023-48894

Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function...

6.4AI score0.00621EPSS
Exploits1References1
Rows per page
Query Builder