Severity by source
Primary rating from NVD (the only source for this CVE).
CVSS vector (NVD):
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (CVE.org)
A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHeadAndDetail Endpoint. Such manipulation of the argument fileName leads to path traversal. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Analysis (AI)
Path traversal in jishenghua jshERP up to version 3.6 allows authenticated remote attackers to manipulate the fileName argument at the addAccountHeadAndDetail endpoint, producing limited but confirmed integrity and availability impacts (I:L/A:L). The vulnerability is in AccountHeadService.java within the Java ERP application, and a proof-of-concept exploit has been publicly disclosed via the project's GitHub issue tracker. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | The attacker must hold a valid low-privilege authenticated account within jshERP (CVSS PR:L confirmed); unauthenticated exploitation is not supported by the available data. … |
| Risk Assessment | The CVSS 5.4 medium score reflects the constrained impact profile: no confidentiality impact (C:N), only low integrity and availability impact (I:L/A:L), and a requirement for low-privilege authentication (PR:L). … |
| Exploit Scenario | An attacker with a standard low-privilege jshERP user account sends a crafted HTTP POST request to the `addAccountHeadAndDetail` endpoint, supplying a `fileName` parameter containing path traversal sequences such as `../../conf/application.properties`. Because the application does not sanitize the input, the server processes the traversal and may write to or reference a file outside the intended upload directory, for example overwriting a configuration file or placing a malicious file in a location that affects application availability. … |
| Remediation | No vendor-released patch identified at time of analysis; the vendor had not responded to the issue report filed at https://github.com/jishenghua/jshERP/issues/154 as of disclosure. … |
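The missing control in the scenario above is confinement of a user-supplied file name to the upload directory before it is used. The following Java class is an added illustration of that check; it is not jshERP code, and the upload directory, class name and method name are hypothetical.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example (not from jshERP): confine a user-supplied fileName to the
// upload directory. UPLOAD_DIR and resolveUploadTarget are hypothetical names.
public class SafeFileNameExample {

    private static final Path UPLOAD_DIR =
            Paths.get("/var/app/uploads").toAbsolutePath().normalize();

    /** Returns the resolved target path, or throws if fileName escapes baseDir. */
    public static Path resolveUploadTarget(Path baseDir, String fileName) {
        if (fileName == null || fileName.isEmpty()) {
            throw new IllegalArgumentException("empty file name");
        }
        // First gate: accept only a bare file name. Separators of either style
        // and the "." / ".." components are rejected outright.
        if (fileName.contains("/") || fileName.contains("\\")
                || fileName.equals(".") || fileName.equals("..")) {
            throw new IllegalArgumentException("file name must not contain path components");
        }
        // Second gate (defence in depth): normalize the joined path and confirm
        // it still lies strictly inside baseDir after ".." resolution.
        Path target = baseDir.resolve(fileName).normalize();
        if (!target.startsWith(baseDir) || target.equals(baseDir)) {
            throw new IllegalArgumentException("resolved path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one legitimate name, then the traversal
        // pattern quoted in the scenario above and two variants of it.
        String[] samples = {
            "invoice-2024.pdf",
            "../../conf/application.properties",
            "..\\..\\conf\\application.properties",
            "..",
        };
        for (String s : samples) {
            try {
                System.out.println("OK   " + s + " -> " + resolveUploadTarget(UPLOAD_DIR, s));
            } catch (IllegalArgumentException e) {
                System.out.println("DENY " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first sample resolves; the other three are refused at the first gate, and the `startsWith` check would still catch any traversal that slipped past it.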
Related identifiers
EUVD-2026-34998
GHSA-h9vf-m6r3-vxmh