CNNVD-202601-4942 Information

CNNVD ID

CNNVD-202601-4942

Related CVE

CVE-2026-1588

• CNNVD Published: 2026-01-29

Description (Chinese)

jshERP（华夏ERP）是中国季圣华个人开发者的一款国产 ERP 系统。 jshERP 3.6及之前版本存在路径遍历漏洞，该漏洞源于对文件/jshERP-boot/plugin/installByPath中参数path的错误操作，可能导致路径遍历。

Description (English)

Jsherp (Wahsha ERP) is a nationally produced ERP system for Chinese personal developers in Zhi Sanhua. JsheRP 3.6 and previous versions have path-to-path loopholes, which stem from an error in the parameter path in file/jsherp-boot/plugin/installByPath, which may lead to path-to-paths.

Hazard Level

Critical

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2026-01-29

Last Modified

2026-02-24

References

https://github.com/jishenghua/jshERP/ https://github.com/jishenghua/jshERP/issues/147 https://vuldb.com/?ctiid.343351 https://vuldb.com/?id.343351 https://vuldb.com/?submit.740649