cina666

3 exploits Active since Aug 2025
CVE-2025-55368 WRITEUP HIGH WRITEUP
jshERP <3.5 - Privilege Escalation
Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
CVSS 8.8
CVE-2025-55370 WRITEUP HIGH WRITEUP
jshERP <3.5 - Info Disclosure
Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value.
CVSS 8.8
CVE-2025-55371 WRITEUP MEDIUM WRITEUP
jshERP <3.5 - Info Disclosure
Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method.
CVSS 5.3