CNNVD-202601-3294 Information

Jan 20, 2026 cve

CNNVD ID

CNNVD-202601-3294

CVE-2026-1218

CNNVD Published: 2026-01-20

Description (Chinese)

Bjskzy Zhiyou ERP是中国北京时空智友（Bjskzy）公司的一款企业资源计划软件。 Bjskzy Zhiyou ERP 11.0及之前版本存在代码问题漏洞，该漏洞源于对组件com.artery.richclient.RichClientService的文件RichClientService.class的错误操作，可能导致XML外部实体引用。

Description (English)

Bjskzy Zhiyou ERP is an enterprise resource planning software for Bjskzy, China. Bjskzy Zhiyou ERP 11.0 and previous versions had a code-issue loophole, which originated from a mistake made to RichClientService ’ s document, component co.artery.richclient.class, which could lead to a reference by an external XML entity.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

北京时空智友

Published

2026-01-20

Last Modified

2026-02-24

References

https://github.com/dingpotian/cve-vul/blob/main/Shikong-Zhiyou-ERP/Shikong-Zhiyou-ERP-XXE-RichClientService-initRCForm.md https://vuldb.com/?ctiid.341908 https://vuldb.com/?id.341908 https://vuldb.com/?submit.735201

Share on: