Jsherp Security Vulnerabilities and Issues — Jsherp CVE List

Lucene search

JishenghuaJsherp

9 matches found

CVE•added 2024/02/08 2:15 a.m.•155 views

CVE-2024-24003

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's prot...

9.8CVSS9.8AI score0.001EPSS

CVE•added 2024/02/07 12:15 a.m.•153 views

CVE-2024-24004

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection ...

9.8CVSS9.8AI score0.00118EPSS

CVE•added 2024/02/07 12:15 a.m.•132 views

CVE-2024-24002

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection ...

9.8CVSS9.8AI score0.00127EPSS

CVE•added 2024/02/07 12:15 a.m.•47 views

CVE-2024-24001

jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism.

9.8CVSS9.6AI score0.00059EPSS

CVE•added 2025/07/22 1:15 a.m.•11 views

CVE-2025-7947

A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible to launch the attack remotely. The exploit has be...

8.1CVSS5.7AI score0.00044EPSS

CVE•added 2025/07/14 4:15 a.m.•10 views

CVE-2025-7566

A vulnerability has been found in jshERP up to 3.5 and classified as critical. This vulnerability affects the function exportExcelByParam of the file /src/main/java/com/jsh/erp/controller/SystemConfigController.java. The manipulation of the argument Title leads to path traversal. The attack can be ...

5.8CVSS4.9AI score0.00092EPSS

CVE•added 2025/07/22 1:15 a.m.•9 views

CVE-2025-7948

A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the p...

6.5CVSS4.7AI score0.00031EPSS

CVE•added 2025/08/11 9:15 a.m.•7 views

CVE-2025-8839

A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be ...

6.5CVSS7.2AI score0.00038EPSS

CVE•added 2025/08/11 10:15 a.m.•6 views

CVE-2025-8840

A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed...

5.5CVSS7.2AI score0.00044EPSS