jshERP — Vulnerabilities & Security Advisories 8

All 8 CVE vulnerabilities found in jshERP, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE ID	Title	CVSS	Severity	Published
CVE-2026-1588	jishenghua jshERP installByPath install path traversal CWE-22	2.7	Low	2026-01-29
CVE-2026-1549	jishenghua jshERP PluginController uploadPluginConfigFile path traversal CWE-22	4.3	Medium	2026-01-28
CVE-2026-1546	jishenghua jshERP com.jsh.erp.datasource.mappers.DepotItemMapperEx importItemExcel getBillItemByParam sql injection CWE-89	6.3	Medium	2026-01-28
CVE-2025-8840	jshERP Endpoint deleteBatch improper authorization CWE-285	5.4	Medium	2025-08-11
CVE-2025-8839	jshERP Endpoint addUser improper authorization CWE-285	6.3	Medium	2025-08-11
CVE-2025-7948	jshERP updatePwd password recovery CWE-640	4.3	Medium	2025-07-22
CVE-2025-7947	jshERP Account delete improper authorization CWE-285	5.4	Medium	2025-07-22
CVE-2025-7566	jshERP SystemConfigController.java exportExcelByParam path traversal CWE-22	4.7	Medium	2025-07-14

All 8 known CVE vulnerabilities affecting jshERP with full Chinese analysis, references, and POCs where available.