Vulnerability Description
A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jishenghua | Jsherp | <= 3.6 |
Related Weaknesses (CWE)
References
- https://github.com/jishenghua/jshERP/Product
- https://github.com/jishenghua/jshERP/issues/146ExploitIssue Tracking
- https://github.com/jishenghua/jshERP/issues/146#issue-3817997461ExploitIssue Tracking
- https://vuldb.com/?ctiid.343245Permissions RequiredVDB Entry
- https://vuldb.com/?id.343245Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.739805Third Party AdvisoryVDB Entry
- https://github.com/jishenghua/jshERP/issues/146ExploitIssue Tracking
- https://github.com/jishenghua/jshERP/issues/146#issue-3817997461ExploitIssue Tracking
FAQ
What is CVE-2026-1549?
CVE-2026-1549 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component Plugin...
How severe is CVE-2026-1549?
CVE-2026-1549 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-1549?
Check the references section above for vendor advisories and patch information. Affected products include: Jishenghua Jsherp.