jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Jun 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-06-12T14:40:17.447Z
Reserved: 2024-01-25T00:00:00.000Z
Link: CVE-2024-24000

Updated: 2024-08-01T23:13:08.566Z

Status : Modified
Published: 2024-02-06T16:15:52.317
Modified: 2025-06-12T15:15:35.663
Link: CVE-2024-24000

No data.