CNNVD-202512-677 Information

CNNVD ID

CNNVD-202512-677

Related CVE

CVE-2025-14089

• CNNVD Published: 2025-12-05

Description (Chinese)

HimoolERP是Himool个人开发者的一个企业资源计划管理系统。 HimoolERP 2.2及之前版本存在授权问题漏洞，该漏洞源于对文件/api/admin/update_account/中函数update_account的授权不当，可能导致远程攻击。

Description (English)

HemoolerP is an enterprise resource planning management system for Himool personal developers. There is a mandate gap in the HimoolerP 2.2 and earlier versions, which stems from inappropriate authorization of document/api/admin/update account/middle functionupdate account, which could lead to a remote attack.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

个人开发者

Published

2025-12-05

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.334479 https://vuldb.com/?submit.696049 https://github.com/caigo8/CVE-md/blob/main/BoxwoodERP/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE.md https://vuldb.com/?id.334479 https://access.redhat.com/security/cve/cve-2025-14089