CVE-2026-1588 | jishenghua jshERP up to 3.6 installByPath install path path traversal (Issue 147)

A vulnerability classified as problematic was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. The manipulation of the argument path results in path traversal.

This vulnerability is known as CVE-2026-1588. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-1588 | jishenghua jshERP up to 3.6 installByPath install path path traversal (Issue 147)

Post correlati

CVE-2024-54046 | Adobe Connect up to 11.4.7/12.6 cross site scripting (apsb24-99)

CVE-2024-2200 | BestWebSoft Contact Form Plugin up to 4.2.8 on WordPress cntctfrm_contact_subject cross site scripting

CVE-2025-0180 | Chimpstudio WP Foodbakery Plugin up to 4.7 on WordPress privileges management

CVE-2025-68261 | Linux Kernel up to 6.12.61/6.17.11/6.18.0 fs/ext4/indirect.c ext4_destroy_inline_data_nolock buffer overflow