CVE-2026-8320 | jishenghua jshERP up to 3.6 updatePlatformConfigByKey Endpoint UserService.java getUserByWeixinCode weixinUrl server-side request forgery (Issue 152)

A vulnerability was found in jishenghua jshERP up to 3.6. It has been declared as critical. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of the component updatePlatformConfigByKey Endpoint. Such manipulation of the argument weixinUrl leads to server-side request forgery.

This vulnerability is documented as CVE-2026-8320. The attack can be executed remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More