CVE-2025-7566 | jshERP up to 3.5 SystemConfigController.java exportExcelByParam Title path traversal

Inserito da Angelo Barbosa | Lug 12, 2025 | CVE

A vulnerability has been found in jshERP up to 3.5 and classified as critical. This vulnerability affects the function exportExcelByParam of the file /src/main/java/com/jsh/erp/controller/SystemConfigController.java. The manipulation of the argument Title leads to path traversal.

This vulnerability was named CVE-2025-7566. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7566 | jshERP up to 3.5 SystemConfigController.java exportExcelByParam Title path traversal

Post correlati

CVE-2023-33758 | SpliceCom Maximiser Soft PBX up to 1.5 Login CLIENT_NAME/DEVICE_GUID cross site scripting

CVE-2024-7595 | GRE Protocol/GRE6 Protocol improper authentication

CVE-2024-27098 | GLPI up to 10.0.12 server-side request forgery

CVE-2024-33622 | Fsas Technologies Fujitsu Business Application ID Link Manager II missing authentication