CNNVD-202509-4420 Information

CNNVD ID

CNNVD-202509-4420

CVE-2025-11140

  • CNNVD Published: 2025-09-29

Description

Bjskzy Zhiyou ERP is an enterprise resource planning product from the Beijing-based company Bjskzy (北京时空智友), China. Bjskzy Zhiyou ERP 11.0 and earlier versions contain a code issue vulnerability that stems from improper handling of the contentString parameter of the openForm function in the component com.artery.richclient.RichClientService, which may lead to an XML external entity (XXE) reference attack.

Hazard Level

Medium

Vulnerability Type

Code issue

Published

2025-09-29

Last Modified

2026-02-24

References

  • https://github.com/FightingLzn9/vul/blob/main/%E6%97%B6%E7%A9%BA%E6%99%BA%E5%8F%8Berp-3.md
  • https://vuldb.com/?ctiid.326217
  • https://vuldb.com/?id.326217
  • https://vuldb.com/?submit.658090
