Jsherp Security Vulnerabilities

CVE-2024-24003

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's...

CVE-2024-24004

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection....

CVE-2024-24002

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection....

CVE-2024-24001

jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection...

CVE-2024-24000

jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable...

CVE-2023-48894

Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter...