VYPR
Critical severity9.8NVD Advisory· Published Feb 6, 2024· Updated Jun 17, 2026

CVE-2024-24000

CVE-2024-24000

Description

jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • jshERP/jshERPcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 3.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.