VYPR

Production Ssm

by feng_ha_ha

CVEs (3)

  • CVE-2025-4768MedMay 16, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability classified as critical has been found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. This affects the function uploadPicture of the file PictureServiceImpl.java. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate…

  • CVE-2026-2863MedFeb 21, 2026
    risk 0.35cvss 5.4epss 0.00

    A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely.…

  • CVE-2025-45617May 5, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.