PT-2026-3539 · Unknown · Bjskzy Zhiyou Erp

Dptcc · Published 2026-01-20 · Updated 2026-01-20 · CVE-2026-1218

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Bjskzy Zhiyou ERP versions prior to 11.0

Description

A flaw in Bjskzy Zhiyou ERP allows manipulation of XML external entity (XXE) references. The issue is in the initRCForm function within the RichClientService.class file of the com.artery.richclient.RichClientService component. The attack can be carried out remotely. The exploit is publicly available. The vendor was notified but did not respond.

Recommendations

Versions prior to 11.0 should be updated. As a temporary workaround, consider restricting access to the RichClientService component to minimize the risk of exploitation.

Exploit · Fix · XXE

Weakness Enumeration

Related Identifiers

CVE-2026-1218

Affected Products

Bjskzy Zhiyou Erp