CNNVD-202601-4632 Information
CNNVD ID
CNNVD-202601-4632
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
jshERP(华夏ERP)是中国季圣华个人开发者的一款国产 ERP 系统。 jshERP 3.6及之前版本存在路径遍历漏洞,该漏洞源于对文件/jshERP-boot/plugin/uploadPluginConfigFile中参数configFile的错误操作,可能导致路径遍历攻击。
Description (English)
Jsherp (Wahsha ERP) is a nationally produced ERP system for Chinese personal developers in Zhi Sanhua. JsheRP 3.6 and previous versions have path-to-path loopholes, which stem from the error in the operation of the parameter configFile in file/jsherp-boot/plugin/uploadPluginConfigFile, which could lead to a path-to-path attack.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
个人开发者
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/jishenghua/jshERP/ https://github.com/jishenghua/jshERP/issues/146 https://github.com/jishenghua/jshERP/issues/146#issue-3817997461 https://vuldb.com/?ctiid.343245 https://vuldb.com/?id.343245 https://vuldb.com/?submit.739805
Share on: