PT-2026-21352 · Feng Ha Ha · Production Ssm+1

Jszdk

Publicado

2026-02-21

Atualizado

2026-02-21

CVE-2026-2860

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions feng ha ha/megagao ssm-erp and production ssm (affected versions not specified)

Description A security issue exists in feng ha ha/megagao ssm-erp and production ssm. The issue involves improper authorization due to manipulation within the EmployeeController.java file. This allows for remote attacks. The exploit has been publicly disclosed. The product utilizes a rolling release model, and no specific version details for affected or updated releases are available. The project was notified of the issue but has not yet responded.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authorization

Incorrect Privilege Assignment

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-285CWE-266

Identificadores relacionados

CVE-2026-2860

Produtos afetados

Megagao Ssm-Erp

Production Ssm

PT-2026-21352 · Feng Ha Ha · Production Ssm+1

CVE-2026-2860

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8