Filtered by vendor Jishenghua
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24002 | 1 Jishenghua | 1 Jsherp | 2024-08-26 | 9.8 Critical |
| jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection. | ||||
| CVE-2024-24004 | 1 Jishenghua | 1 Jsherp | 2024-08-19 | 9.8 Critical |
| jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection. | ||||
| CVE-2024-24003 | 1 Jishenghua | 1 Jsherp | 2024-08-01 | 9.8 Critical |
| jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection. | ||||
| CVE-2024-24001 | 1 Jishenghua | 1 Jsherp | 2024-08-01 | 9.8 Critical |
| jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism. | ||||
Page 1 of 1.