cina666/CVE

Releases0

Document my own CVE documentation

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-55371 ↗	Aug 21, 2025Thursday, 21 August 2025, 15:15	5.3 MEDIUM	—
Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method.
CVE-2025-55366 ↗	Aug 21, 2025Thursday, 21 August 2025, 14:15	5.3 MEDIUM	—
Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.
CVE-2025-55367 ↗	Aug 21, 2025Thursday, 21 August 2025, 14:15	5.3 MEDIUM	—
Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
CVE-2025-55368 ↗	Aug 21, 2025Thursday, 21 August 2025, 14:15	8.8 HIGH	—
Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
CVE-2025-55370 ↗	Aug 21, 2025Thursday, 21 August 2025, 14:15	8.8 HIGH	—
Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value.