CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-24001

jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.5%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24001.txt
https://github.com/jishenghua/jshERP/issues/99
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24001.txt
https://github.com/jishenghua/jshERP/issues/99

Products affected by CVE-2024-24001

Jishenghua » Jsherp » Version: 3.3

cpe:2.3:a:jishenghua:jsherp:3.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-24001

Products

Pricing

Contact Us