A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596.
References
Link | Resource |
---|---|
https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md | Broken Link |
https://vuldb.com/?ctiid.250596 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.250596 | Third Party Advisory |
https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md | Broken Link |
https://vuldb.com/?ctiid.250596 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.250596 | Third Party Advisory |
Configurations
History
21 Nov 2024, 08:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md - Broken Link | |
References | () https://vuldb.com/?ctiid.250596 - Permissions Required, Third Party Advisory | |
References | () https://vuldb.com/?id.250596 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
22 Jan 2024, 19:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:huaxiaerp:huaxia_erp:*:*:*:*:*:*:*:* | |
First Time |
Huaxiaerp huaxia Erp
Huaxiaerp |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | () https://vuldb.com/?ctiid.250596 - Permissions Required, Third Party Advisory | |
References | () https://vuldb.com/?id.250596 - Third Party Advisory | |
References | () https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md - Broken Link |
13 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-13 15:15
Updated : 2024-11-21 08:46
NVD link : CVE-2024-0491
Mitre link : CVE-2024-0491
CVE.ORG link : CVE-2024-0491
JSON object : View
Products Affected
huaxiaerp
- huaxia_erp
CWE
CWE-640
Weak Password Recovery Mechanism for Forgotten Password