Jsherp Security Vulnerabilities and Issues — Jsherp CVE List

Lucene search

JishenghuaJsherp

4 matches found

CVE•added 2024/02/08 2:15 a.m.•155 views

CVE-2024-24003

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's prot...

9.8CVSS9.8AI score0.001EPSS

CVE•added 2024/02/07 12:15 a.m.•151 views

CVE-2024-24004

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection ...

9.8CVSS9.8AI score0.00118EPSS

CVE•added 2024/02/07 12:15 a.m.•132 views

CVE-2024-24002

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection ...

9.8CVSS9.8AI score0.00127EPSS

CVE•added 2024/02/07 12:15 a.m.•47 views

CVE-2024-24001

jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism.

9.8CVSS9.6AI score0.00059EPSS