Huaxiaerp: >> Jsherp Security Vulnerabilities
jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-06
Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-11-30