Cina666

#8197of 53,633
33.5Total CVSS
Vulnerabilities · 5
Medium
3
High
2
PT-2025-34218
5.3
2025-08-21
Jsherp · Jsherp · CVE-2025-55366
Name of the Vulnerable Software and Affected Versions: jshERP version 3.5 Description: An incorrect access control issue exists in the `controllerUserController.java` component of jshERP version 3.5. This allows attackers to arbitrarily reset user account passwords and perform a horizontal privilege escalation attack. Recommendations: Address the access control flaw in the `controllerUserController.java` component.
PT-2025-34219
5.3
2025-08-21
Jsherp · Jsherp · CVE-2025-55367
Name of the Vulnerable Software and Affected Versions: jshERP version 3.5 Description: An incorrect access control issue exists in the `controllerSupplierController.java` component of jshERP version 3.5. This allows unauthorized attackers to arbitrarily modify the supplier status. Recommendations: Address the access control issue in the `controllerSupplierController.java` component.
PT-2025-34221
8.8
2025-08-21
Jsherp · Jsherp · CVE-2025-55368
Name of the Vulnerable Software and Affected Versions: jshERP version 3.5 Description: An incorrect access control issue exists in the `controllerRoleController.java` component of jshERP version 3.5. This allows unauthorized attackers to arbitrarily modify the supplier status under any account. Recommendations: Address the access control issue in the `controllerRoleController.java` component.
PT-2025-34222
8.8
2025-08-21
Jsherp · Jsherp · CVE-2025-55370
Name of the Vulnerable Software and Affected Versions: jshERP version 3.5 Description: An incorrect access control issue exists in the `controllerResourceController.java` component of jshERP version 3.5. This allows unauthorized attackers to obtain all corresponding ID data by modifying the ID value. Recommendations: As a temporary workaround, consider restricting access to the `controllerResourceController.java` component until a patch is available.
PT-2025-34223
5.3
2025-08-21
Jsherp · Jsherp · CVE-2025-55371
Name of the Vulnerable Software and Affected Versions: jshERP version 3.5 Description: An incorrect access control issue exists in the `/controller/PersonController.java` component of jshERP version 3.5. This allows unauthorized attackers to obtain all information of the handler by executing the `getAllList()` method. Recommendations: As a temporary workaround, consider restricting access to the `/controller/PersonController.java` component until a fix is available.