CVE-2026-11469
4.7 MEDIUM
A flaw has been found in jishenghua jshERP up to 3.6
Published: 2026-06-08 · Last updated: 2026-06-08
Severity and scoring
- CVSS: 4.7 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
- CWE: CWE-918
Description
A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to server-side request forgery. The attack may be performed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-11469
- [Other] https://github.com/jishenghua/jshERP/
- [Other] https://github.com/jishenghua/jshERP/issues/155
- [Other] https://vuldb.com/cve/CVE-2026-11469
- [Other] https://vuldb.com/submit/833815
- [Other] https://vuldb.com/vuln/369089
- [Other] https://vuldb.com/vuln/369089/cti
Related CVEs
Same CWE
- CVE-2026-47938 — Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability tha... (10.0 CRITICAL)
- CVE-2026-45504 — Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network (8.8 HIGH)
- CVE-2026-45502 — Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network (5.0 MEDIUM)
- CVE-2026-45501 — Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized ... (6.5 MEDIUM)
- CVE-2026-41854 — Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may... (4.2 MEDIUM)