| Title | Bjskzy Enterprise Resource Planning Software 11.0 XML External Entity Reference |
|---|
| Description | Brief Introduction to Shikong Zhiyou ERP System by Beijing Shikong Zhiyou Technology Co., Ltd.
Beijing Shikong Zhiyou Technology Co., Ltd., established in 2011 and headquartered in Beijing's Zhongguancun High-Tech Zone, specializes in providing cloud-based enterprise resource planning (ERP) solutions for businesses across various industries, with a strong focus on pharmaceutical distribution, retail, and supply chain management . The company is committed to driving digital transformation and business innovation through integrated management platforms, adhering to the philosophy of "customer-centricity" and delivering full-lifecycle value services .
Shikong Zhiyou ERP System Overview
The Shikong Zhiyou ERP system is a comprehensive, industry-specific solution designed to address the complex operational needs of pharmaceutical enterprises, wholesalers, retailers, and supply chain organizations. It serves as the central nervous system for businesses, streamlining core processes, enhancing collaboration, and ensuring compliance with stringent industry regulations such as GSP (Good Supply Practice) standards .
However,Shikong Zhiyou ERP is vulnerable to XML External Entity (XXE) injection vulnerability,com.artery.richclient.RichClientService#initRCForm has an XXE vulnerability |
|---|
| Source | ⚠️ https://github.com/dingpotian/cve-vul/blob/main/Shikong-Zhiyou-ERP/Shikong-Zhiyou-ERP-XXE-RichClientService-initRCForm.md |
|---|
| User | dptcc (UID 94330) |
|---|
| Submission | 01/09/2026 11:08 AM (1 month ago) |
|---|
| Moderation | 01/20/2026 12:19 AM (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 341908 [Bjskzy Zhiyou ERP up to 11.0 com.artery.richclient.RichClientService RichClientService.class initRCForm xml external entity reference] |
|---|
| Points | 20 |
|---|