CVE-2026-11469
Deferred Deferred - Pending Action
Server-Side Request Forgery in jshERP

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: VulDB

Description
A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to server-side request forgery. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-08
Last Modified
2026-06-08
Generated
2026-06-08
AI Q&A
2026-06-08
EPSS Evaluated
N/A
NVD
CVE-2026-11469
EUVD
EUVD-2026-35000
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jishenghua jsherp to 3.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stored Server-Side Request Forgery (SSRF) found in jishenghua jshERP versions 3.6 and earlier. It occurs in the insertPlatformConfig function of the platformConfig Add Endpoint, where an attacker with administrative privileges can inject a malicious URL by setting the platformKey to "weixinUrl" and platformValue to a target URL.

The malicious URL is stored in the jsh_platform_config database table. Later, when the system calls WeChat-related functions such as getAccessToken, getUserByWeixinCode, or weixinBind, it retrieves this stored URL and uses it in an HTTP GET request without proper validation. This allows attackers to make arbitrary outbound HTTP requests from the server to internal services, cloud metadata endpoints, or other restricted network locations.

The root cause is insufficient input validation during configuration storage and retrieval, enabling the execution of attacker-controlled URLs when WeChat API functions are triggered.

Impact Analysis

This vulnerability can allow an attacker to make arbitrary HTTP GET requests from the vulnerable server to internal or external systems. This can lead to several impacts:

  • Bypass of network restrictions or firewalls by making requests to internal services that are not normally accessible externally.
  • Access to sensitive internal resources such as cloud metadata endpoints, which may expose credentials or configuration data.
  • Potential information disclosure or further exploitation by leveraging the server as a proxy to reach otherwise inaccessible systems.
  • Compromise of system integrity or confidentiality depending on what internal services are accessible via the SSRF.
Detection Guidance

This vulnerability can be detected by monitoring for suspicious POST requests to the /platformConfig/add endpoint, especially those setting the platformKey to "weixinUrl" with unusual or unexpected platformValue URLs.

You can check the jsh_platform_config database table for any stored URLs that look suspicious or unexpected, as these URLs may be used to trigger SSRF.

Network monitoring tools can be used to detect unexpected outbound HTTP GET requests originating from the server to internal services or cloud metadata endpoints, which may indicate exploitation attempts.

  • Use curl or similar tools to simulate the POST request and check if the system accepts malicious URLs: curl -X POST -d 'platformKey=weixinUrl&platformValue=http://malicious.example.com' http://target-server/platformConfig/add
  • Query the database to find suspicious entries: SELECT * FROM jsh_platform_config WHERE platformKey = 'weixinUrl';
  • Monitor outbound HTTP requests from the server using tools like tcpdump or Wireshark to detect unusual HTTP GET requests to internal or external unexpected destinations.
Mitigation Strategies

Immediate mitigation steps include restricting access to the /platformConfig/add endpoint to trusted administrative users only, as the vulnerability requires administrative privileges to exploit.

Validate and sanitize all inputs to the platformValue parameter to prevent injection of malicious URLs.

Review and remove any suspicious or untrusted URLs stored in the jsh_platform_config database table, especially those associated with the platformKey "weixinUrl".

Implement network-level controls to restrict outbound HTTP requests from the server to only trusted destinations, preventing SSRF exploitation.

Monitor logs and network traffic for signs of exploitation attempts and respond accordingly.

Since the project has not yet responded with a patch, consider applying custom input validation or temporarily disabling the vulnerable functionality if possible.

Compliance Impact

The vulnerability allows an attacker with administrative privileges to perform server-side request forgery (SSRF) by injecting malicious URLs into the system configuration. This can lead to unauthorized outbound HTTP requests to internal services or cloud metadata endpoints, potentially exposing sensitive internal information or enabling further attacks.

Such unauthorized access and potential data exposure could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data, as well as ensuring system integrity and preventing unauthorized access.

However, the provided information does not explicitly detail the direct compliance impact or specific regulatory breaches caused by this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11469. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart