jshERP ଯେପର୍ଯ୍ୟନ୍ତ 3.5 Account /user/delete ID ବିସ୍ତାରିତ ଅଧିକାର

ଏଣ୍ଟ୍ରିଇତିହାସମିଶ୍ରଣ କରନ୍ତୁjsonxmlCTI

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame jshERP ଯେପର୍ଯ୍ୟନ୍ତ 3.5 keessatti argameera. Kan miidhamte is hojii hin beekamne faayilii /user/delete keessa kutaa Account Handler keessa. Hojii jijjiirraa irratti gaggeeffame ID gara ବିସ୍ତାରିତ ଅଧିକାର geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-285 geessa. Dadhabbii kana yeroo 07/21/2025 maxxanfameera akka 124. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2025-7947tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. VulDB is the best source for vulnerability data and more expert information about this specific topic.

4 ଆଡାପ୍ଟେସନ୍ · 99 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 07/21/2025 09:54 AM	ଅଦ୍ୟତନ 1/3 07/22/2025 04:12 AM	ଅଦ୍ୟତନ 2/3 07/22/2025 02:25 PM	ଅଦ୍ୟତନ 3/3 07/30/2025 09:36 PM
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	5.5	5.5	5.5	5.5
cvss2_vuldb_tempscore	4.7	4.7	4.7	4.7
cvss3_vuldb_basescore	5.4	5.4	5.4	5.4
cvss3_vuldb_tempscore	4.9	4.9	4.9	4.9
cvss3_meta_basescore	5.4	5.4	5.4	6.3
cvss3_meta_tempscore	4.9	4.9	5.1	6.1
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1753048800 (07/21/2025)	1753048800 (07/21/2025)	1753048800 (07/21/2025)	1753048800 (07/21/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
software_name	jshERP	jshERP	jshERP	jshERP
software_version	<=3.5	<=3.5	<=3.5	<=3.5
software_component	Account Handler	Account Handler	Account Handler	Account Handler
software_file	/user/delete	/user/delete	/user/delete	/user/delete
software_argument	id	id	id	id
vulnerability_cwe	CWE-285 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-285 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-285 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-285 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	N	N	N	N
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_identifier	124	124	124	124
advisory_url	https://github.com/jishenghua/jshERP/issues/124	https://github.com/jishenghua/jshERP/issues/124	https://github.com/jishenghua/jshERP/issues/124	https://github.com/jishenghua/jshERP/issues/124
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/jishenghua/jshERP/issues/124	https://github.com/jishenghua/jshERP/issues/124	https://github.com/jishenghua/jshERP/issues/124	https://github.com/jishenghua/jshERP/issues/124
source_cve	CVE-2025-7947	CVE-2025-7947	CVE-2025-7947	CVE-2025-7947
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	N	N	N	N
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	N	N	N	N
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
euvd_id		EUVD-2025-22275	EUVD-2025-22275	EUVD-2025-22275
cve_nvd_summary			A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
cve_nvd_summaryes			Se ha detectado una vulnerabilidad crítica en jshERP hasta la versión 3.5. Afecta a una función desconocida del archivo /user/delete del componente Account Handler. La manipulación del ID del argumento provoca una autorización incorrecta. Es posible ejecutar el ataque en remoto. Se ha hecho público el exploit y puede que sea utilizado.	Se ha detectado una vulnerabilidad crítica en jshERP hasta la versión 3.5. Afecta a una función desconocida del archivo /user/delete del componente Account Handler. La manipulación del ID del argumento provoca una autorización incorrecta. Es posible ejecutar el ataque en remoto. Se ha hecho público el exploit y puede que sea utilizado.
cvss4_cna_av			N	N
cvss4_cna_ac			L	L
cvss4_cna_at			N	N
cvss4_cna_pr			L	L
cvss4_cna_ui			N	N
cvss4_cna_vc			N	N
cvss4_cna_vi			L	L
cvss4_cna_va			L	L
cvss4_cna_sc			N	N
cvss4_cna_si			N	N
cvss4_cna_sa			N	N
cvss4_cna_bscore			5.3	5.3
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			N	N
cvss3_cna_i			L	L
cvss3_cna_a			L	L
cvss3_cna_basescore			5.4	5.4
cvss2_cna_av			N	N
cvss2_cna_ac			L	L
cvss2_cna_au			S	S
cvss2_cna_ci			N	N
cvss2_cna_ii			P	P
cvss2_cna_ai			P	P
cvss2_cna_basescore			5.5	5.5
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				N
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				8.1

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you know our Splunk app?

Download it now for free!