
Description

Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method.

PUBLISHED Reserved 2025-08-13 | Published 2025-08-21 | Updated 2025-08-21 | Assigner mitre

References

jsherp.com

github.com/jishenghua/jshERP

github.com/...lob/main/jshERP/越权致任意接管账号.md

cve.org (CVE-2025-55371)

nvd.nist.gov (CVE-2025-55371)
