CNNVD-202511-2711 Information
CNNVD ID
CNNVD-202511-2711
Related CVE
-
CNNVD Published: 2025-11-25
Description
jshERP (华夏ERP, Huaxia ERP) is a Chinese-made ERP system by the individual developer Ji Shenghua (季圣华). jshERP version 2.3.1 contains a security vulnerability: the material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject, which may lead to a Fastjson deserialization vulnerability and remote code execution.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2025-11-25
Last Modified
2026-02-24
References
https://blog.hackpax.top/jsh-erp/
https://gist.github.com/Paxsizy/a40334ffa7f05c42bf0348833f830108
https://gitee.com/jishenghua
https://gitee.com/jishenghua/JSH_ERP
https://access.redhat.com/security/cve/cve-2025-51742
Patch
https://github.com/jishenghua/jshERP/releases