Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
JishenghuaJsherp

7 matches found

CVE
CVEadded 2024/02/08 2:15 a.m.155 views

CVE-2024-24003

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's prot...

9.8CVSS9.8AI score0.001EPSS
CVE
CVEadded 2024/02/07 12:15 a.m.151 views

CVE-2024-24004

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection ...

9.8CVSS9.8AI score0.00118EPSS
CVE
CVEadded 2024/02/07 12:15 a.m.132 views

CVE-2024-24002

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection ...

9.8CVSS9.8AI score0.00127EPSS
CVE
CVEadded 2024/02/07 12:15 a.m.47 views

CVE-2024-24001

jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism.

9.8CVSS9.6AI score0.00059EPSS
CVE
CVEadded 2025/07/14 4:15 a.m.10 views

CVE-2025-7566

A vulnerability has been found in jshERP up to 3.5 and classified as critical. This vulnerability affects the function exportExcelByParam of the file /src/main/java/com/jsh/erp/controller/SystemConfigController.java. The manipulation of the argument Title leads to path traversal. The attack can be ...

5.8CVSS4.9AI score0.00084EPSS
CVE
CVEadded 4 days ago6 views

CVE-2025-7947

A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible to launch the attack remotely. The exploit has be...

5.5CVSS5.7AI score0.00034EPSS
CVE
CVEadded 4 days ago6 views

CVE-2025-7948

A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the p...

5.3CVSS4.7AI score0.00025EPSS