CVE-2025-7947 | jshERP up to 3.5 Account /user/delete ID improper authorization (Issue 124)

Inserito da Angelo Barbosa | Lug 21, 2025 | CVE

A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization.

This vulnerability is traded as CVE-2025-7947. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-7947 | jshERP up to 3.5 Account /user/delete ID improper authorization (Issue 124)

Post correlati

CVE-2023-49258 | Hongdian H8951-4G-ESP prior 2310271149 /gui/terminal_tool.cgi data cross site scripting

CVE-2024-10425 | Project Worlds Student Project Allocation System 1.0 Project Selection Page move_up_project.php up sql injection

CVE-2025-21686 | Linux Kernel up to 6.12.11/6.13.0 io_uring buffer overflow

CVE-2025-24964 | vitest-dev vitest up to 0.0.125/1.6.0/2.1.8/3.0.4 API Server missing origin validation in websockets (GHSA-9crc-q9x8-hgqq)