Submit #811303: jishenghua jshERP <=3.6 SSRF info

Title: jishenghua jshERP <=3.6 SSRF
Description: A server-side request forgery (SSRF) vulnerability exists in the WeChat integration flow. An authenticated admin user can modify platform configuration values via the /platformConfig/updatePlatformConfigByKey endpoint, setting the weixinUrl to an arbitrary URL. When WeChat login is subsequently triggered, the application makes HTTP requests to the attacker-controlled URL.
Source: ⚠️ https://github.com/jishenghua/jshERP/issues/152
User: Ana10gy (UID 93358)
Submission: 23/04/2026 10:48 (2 months ago)
Moderation: 11/05/2026 15:33 (18 days later)
Status: Accepted
VulDB entry: 362607 [jishenghua jshERP up to 3.6 updatePlatformConfigByKey Endpoint UserService.java getUserByWeixinCode weixinUrl privilege escalation]
Points: 19
