VYPR
Critical severity9.8NVD Advisory· Published Feb 8, 2024· Updated Jun 17, 2026

CVE-2024-24003

CVE-2024-24003

Description

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in safeSqlParse method for sql injection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • jshERP/jshERPcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: =3.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.