CVE-2026-1549 | jishenghua jshERP up to 3.6 PluginController uploadPluginConfigFile configFile path traversal (Issue 146)

A vulnerability was found in jishenghua jshERP up to 3.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal.

This vulnerability is traded as CVE-2026-1549. The attack may be launched remotely. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-1549 | jishenghua jshERP up to 3.6 PluginController uploadPluginConfigFile configFile path traversal (Issue 146)

Post correlati

CVE-2026-0699 | code-projects Intern Membership Management System 1.0 edit_activity.php activity_id sql injection

CVE-2024-24564 | Vyper up to 0.3.10 extract32 start out-of-bounds (GHSA-4hwq-4cpm-8vmx)

CVE-2025-12807 | Rockwell Automation FactoryTalk DataMosaix Private Cloud 7.11/8.00/8.01 API Endpoint sql injection

CVE-2024-28714 | ZhongBangKeJi CRMEB 1.3.4 groupid sql injection