Critical severity9.8NVD Advisory· Published Feb 7, 2024· Updated Jun 17, 2026
CVE-2024-24002
CVE-2024-24002
Description
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in safeSqlParse method for sql injection.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/jishenghua/jshERP/issues/99nvdExploitVendor Advisory
- github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24002.txtnvdThird Party Advisory
News mentions
0No linked articles in our index yet.