cina666

3 exploits, active since Aug 2025
CVE-2025-55368 WRITEUP HIGH
jshERP 3.5 - Unauthenticated Arbitrary Supplier Status Modification via RoleController
Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
CVSS 8.8
CVE-2025-55370 WRITEUP HIGH
jshERP 3.5 - Authorization Bypass via ResourceController ID Parameter
Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value.
CVSS 8.8
CVE-2025-55371 WRITEUP MEDIUM
jshERP 3.5 - Unauthenticated Information Disclosure via PersonController getAllList Method
Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method.
CVSS 5.3