漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
jishenghua jshERP platformConfig Add Endpoint PlatformConfigService.java insertPlatformConfig server-side request forgery
Vulnerability Description
A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to server-side request forgery. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
jshERP(华夏ERP) 代码问题漏洞
Vulnerability Description
jshERP(华夏ERP)是中国季圣华个人开发者的一款国产 ERP 系统。 jshERP(华夏ERP) 3.6及之前版本存在代码问题漏洞,该漏洞源于platformConfig Add端点中文件jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java的insertPlatformConfig函数对参数platformValue操作不当,可能导致服务端请求伪造。攻击者可远程利用。
CVSS Information
N/A
Vulnerability Type
N/A