6 matches found
Sql injection
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...
CVE-2024-24002
jshERP v3.3 is affected by an SQL injection in the MaterialController.getListWithStock() function. The vulnerability stems from inadequate filtering of the column and order parameters, allowing crafted input to bypass the safeSqlParse protection. No exploitation details are provided in the availa...
There are 4 sql injection vulnerabilities and 1 file upload vulnerability in jshERP v3.3
public static String safeSqlParseString originStr re...
Improper access control
Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function...
CVE-2023-48894
The CVE-2023-48894 entry concerns jshERP v3.3 and is caused by incorrect access control in the doFilter function, enabling attackers to obtain sensitive information. Affected software: jshERP 3.3. Documented impact is information disclosure without exploitation details. Remediation guidance from ...
CVE-2023-48894
Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function...