CNNVD-202508-2626 Information

CNNVD ID

CNNVD-202508-2626

Related CVE

CVE-2025-55366

• CNNVD Published: 2025-08-21

Description (Chinese)

jshERP（华夏ERP）是中国季圣华个人开发者的一款国产 ERP 系统。 jshERP v3.5版本存在安全漏洞，该漏洞源于UserController.java组件中的访问控制不当，可能导致水平权限提升。

Description (English)

Jsherp (Wahsha ERP) is a nationally produced ERP system for Chinese personal developers in Zhi Sanhua. There is a security loophole in version jsherp v3.5, which stems from inappropriate access controls in the UserController.java component, which may lead to an increase in horizontal privileges.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-21

Last Modified

2026-02-24

References

https://github.com/jishenghua/jshERP https://github.com/cina666/CVE/blob/main/jshERP/CVE-2025-55366.md http://jsherp.com https://nvd.nist.gov/vuln/detail/CVE-2025-55366