CVE-2026-1546 | jishenghua jshERP up to 3.6 com.jsh.erp.datasource.mappers.DepotItemMapperEx importItemExcel getBillItemByParam barCodes sql injection (Issue 145)

A vulnerability was found in jishenghua jshERP up to 3.6. It has been classified as critical. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the argument barCodes leads to sql injection.

This vulnerability is traded as CVE-2026-1546. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-1546 | jishenghua jshERP up to 3.6 com.jsh.erp.datasource.mappers.DepotItemMapperEx importItemExcel getBillItemByParam barCodes sql injection (Issue 145)

Post correlati

CVE-2025-14691 | Mayan EDMS up to 4.10.1 /authentication/ cross site scripting

CVE-2024-6356 | GitLab Enterprise Edition up to 17.0.5/17.1.3/17.2.1 Security Policy Bot incorrect user management (Issue 469108)

CVE-2024-53171 | Linux Kernel up to 6.12.1 ubifs_tnc_start_commit use after free

CVE-2024-1529 | CMS Made Simple 2.2.14 /admin/adduser.php cross site scripting