VYPR
Vendor

Megagao

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2026-31271CriApr 7, 2026
    risk 0.64cvss 9.8epss 0.01

    megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing…

  • CVE-2026-2860MedFeb 21, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeController.java. The manipulation leads to improper authorization. It is possible to…

  • CVE-2025-4333MedMay 6, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. It has been classified as critical. This affects the function uploadFile of the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the…

  • CVE-2026-2864MedFeb 21, 2026
    risk 0.35cvss 5.4epss 0.00

    A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.java. Such manipulation of the argument picName leads to path traversal. The…

  • CVE-2026-2863MedFeb 21, 2026
    risk 0.35cvss 5.4epss 0.00

    A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely.…

  • CVE-2025-4530MedMay 11, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path…