Submit #740649: https://github.com/jishenghua/jshERP jshERP v3.6 Path Traversal

Title: https://github.com/jishenghua/jshERP jshERP v3.6 Path Traversal
Description: In the function "com.gitee.starblues.integration.operator.DefaultPluginOperator#install", the path provided by the user is passed into the "java.nio.file.Files#exists" function without any filtering, allowing directory traversal using '..' and similar methods, resulting in information disclosure about whether a file exists or the type of a file.
Source: https://github.com/jishenghua/jshERP/issues/147
User: mukyuuhate (UID 93052)
Submission: 01/16/2026 09:05 (5 months ago)
Moderation: 01/29/2026 07:01 (13 days later)
Status: Accepted
VulDB entry: 343351 [jishenghua jshERP up to 3.6 installByPath install path path traversal]
Points: 19
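
One way to confine a user-supplied plugin path before any existence check is made, shown as an added example that is not code from jshERP or the plugin framework. The class name `PluginPathGuard`, the base directory and the sample inputs are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Hypothetical helper: confines a user-supplied plugin path to one base directory. */
public final class PluginPathGuard {
    private final Path baseDir;

    public PluginPathGuard(Path baseDir) throws IOException {
        // Resolve symlinks once so later prefix checks compare real locations.
        this.baseDir = baseDir.toRealPath();
    }

    /** Returns the confined path; rejects traversal before probing the filesystem. */
    public Path resolve(String userInput) throws IOException {
        if (userInput == null || userInput.isEmpty()) {
            throw new SecurityException("invalid plugin path");
        }
        // normalize() collapses "." and ".." lexically. An absolute input makes
        // resolve() return the input itself, which then fails the prefix check.
        Path candidate = baseDir.resolve(userInput).normalize();
        // Path.startsWith compares whole name elements, not string prefixes.
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("invalid plugin path");
        }
        if (Files.exists(candidate)) {
            // Re-check after symlink resolution so a link inside the base
            // directory cannot point outside it.
            Path real = candidate.toRealPath();
            if (!real.startsWith(baseDir)) {
                throw new SecurityException("invalid plugin path");
            }
            return real;
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("plugins"); // constructed sample directory
        Files.createFile(base.resolve("demo.jar"));       // constructed sample file
        PluginPathGuard guard = new PluginPathGuard(base);
        System.out.println("accepted: " + guard.resolve("demo.jar"));
        for (String bad : new String[] {"../outside.jar", "/etc/hostname", "a/../../x"}) {
            try {
                System.out.println("accepted: " + guard.resolve(bad));
            } catch (SecurityException e) {
                System.out.println("rejected: " + bad + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Every rejection uses the same message, so the response does not reveal whether the out-of-bounds target exists or what type it is.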