← Back

Jsherp

jsherp

Vendor: Huaxiaerp • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-24000
1Huaxiaerp
1Jsherp
Jun 12, 2025
Feb 6, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary f...Show more
jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths.Show less
CVE-2023-48894
1Huaxiaerp
1Jsherp
Nov 21, 2024
Nov 30, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function.