Description
A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-01-28
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Path Traversal
Action: Patch ASAP
AI Analysis

Impact

The PluginController in jshERP includes an uploadPluginConfigFile function that accepts a configFile argument. The current implementation does not sanitize this parameter, resulting in a path traversal flaw. An attacker can supply crafted values for configFile, causing the application to resolve file paths outside of the intended directory structure. This flaw enables remote attackers to read arbitrary files or, depending on the server configuration, write files that could be executed or used in further attacks.

Affected Systems

Affected systems are installations of jshERP from the vendor Jishenghua up to version 3.6. The product is hosted at jishenghua/jshERP on GitHub. No higher versions have been identified in the data, so any deployment of version 3.6 or earlier is potentially vulnerable.

Risk and Exploitability

The CVSS base score is 5.3 indicating moderate severity, and the EPSS score is below 1%, suggesting a low probability of exploitation under current threat landscapes. However, the vulnerability is publicly documented, and an exploit is available. Attackers can invoke the flaw remotely by sending a crafted HTTP request to the /jshERP-boot/plugin/uploadPluginConfigFile endpoint using the configFile parameter. Because the flaw does not require local privileges, the impact can affect confidentiality and integrity of files on the server.

Generated by OpenCVE AI on April 18, 2026 at 01:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade jshERP to the latest release that removes the path traversal issue or apply the official patch if released.
  • Restrict access to the uploadPluginConfigFile endpoint to only authenticated and authorized administrative users.
  • Validate all user-supplied file paths on the server side, ensuring that the configFile value does not contain '..' or URL-encoded directory separators, and that it resolves within a designated safe directory.
  • Deploy a Web Application Firewall (WAF) rule that detects and blocks path traversal patterns targeting the uploadPluginConfigFile endpoint.

Generated by OpenCVE AI on April 18, 2026 at 01:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 09 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:jishenghua:jsherp:*:*:*:*:*:*:*:*

Thu, 29 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 29 Jan 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Jishenghua
Jishenghua jsherp
Vendors & Products Jishenghua
Jishenghua jsherp

Wed, 28 Jan 2026 23:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Title jishenghua jshERP PluginController uploadPluginConfigFile path traversal
Weaknesses CWE-22
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Jishenghua Jsherp
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:02:48.663Z

Reserved: 2026-01-28T16:53:00.932Z

Link: CVE-2026-1549

cve-icon Vulnrichment

Updated: 2026-01-29T15:58:48.897Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-28T23:15:50.870

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-1549

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T01:45:33Z

Weaknesses