MidnightBSD

Advisories for jerryhanjj

CVE-2024-42563

An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file.

Products Affected

Vendor Product Version
jerryhanjj erp *
CVE-2024-42564

ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete.

Products Affected

Vendor Product Version
jerryhanjj erp 2018-03-02
CVE-2024-42565

ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete.

Products Affected

Vendor Product Version
jerryhanjj erp 2018-03-02
CVE-2025-29390

jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the set_password function in application/controllers/home.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
jerryhanjj erp 1.0