| शीर्षक | jishenghua jshERP <=3.6 Path Traversal |
|---|
| विवरण | A stored path traversal vulnerability in jshERP-boot allows an attacker to perform arbitrary file operations (delete) on the server. The vulnerability exists because the POST /addAccountHeadAndDetail endpoint accepts a fileName field within a JSON body without sanitization. This malicious string is persisted in the jsh_account_head database table. When a user subsequently triggers a deletion of the account head record via batchDeleteAccountHeadByIds, the application retrieves the stored path and passes it to SystemConfigService.deleteFileByPathList. This service uses the unsanitized path in Paths.get(), Files.copy(), and Files.delete(), enabling an attacker to traverse the file system using sequences like ../. |
|---|
| स्रोत | ⚠️ https://github.com/jishenghua/jshERP/issues/154 |
|---|
| उपयोगकर्ता | Ana10gy (UID 93358) |
|---|
| सबमिशन | 20/05/2026 04:39 AM (19 दिन पहले) |
|---|
| संयम | 07/06/2026 11:22 AM (18 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 369087 [jishenghua jshERP तक 3.6 addAccountHeadAndDetail Endpoint AccountHeadService.java fileName निर्देशिका ट्रैवर्सल] |
|---|
| अंक | 20 |
|---|