Critical severity9.8NVD Advisory· Published Feb 8, 2024· Updated Jun 17, 2026
CVE-2024-24003
CVE-2024-24003
Description
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in safeSqlParse method for sql injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/jishenghua/jshERP/issues/99nvdExploitVendor Advisory
- github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24003.txtnvdThird Party Advisory
News mentions
0No linked articles in our index yet.