| عنوان | jishenghua jshERP <=3.6 SSRF |
|---|
| الوصف | A stored Server-Side Request Forgery (SSRF) vulnerability in jshERP-boot allows administrative users to trigger arbitrary outbound HTTP GET requests. An attacker can submit a malicious URL via the POST /platformConfig/add endpoint (or update via /platformConfig/update) by setting the platformKey to weixinUrl and the platformValue to an internal or external target. This value is persisted in the jsh_platform_config table. When the system subsequently invokes WeChat-related functions (such as getAccessToken, getUserByWeixinCode, or weixinBind), it retrieves the stored URL and passes it to HttpClient.httpGet() without validation. This enables an attacker to probe internal services, access cloud metadata endpoints, or bypass network restrictions.
|
|---|
| المصدر | ⚠️ https://github.com/jishenghua/jshERP/issues/155 |
|---|
| المستخدم | Ana10gy (UID 93358) |
|---|
| ارسال | 20/05/2026 06:23 AM (21 أيام منذ) |
|---|
| الاعتدال | 07/06/2026 11:27 AM (18 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 369089 [jishenghua jshERP حتى 3.6 platformConfig Add Endpoint PlatformConfigService.java insertPlatformConfig platformValue تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|