📦 Zhiyou Erp

by Zhiyou Group

🔍 What is Zhiyou Erp?

Description coming soon...

🛡️ Security Overview

Click on a severity to filter vulnerabilities

⚠️ Known Vulnerabilities

CVE-2025-11140

HIGH CVSS 7.3 Sep 29, 2025

This vulnerability allows remote attackers to execute XML External Entity (XXE) attacks against Bjskzy Zhiyou ERP systems up to version 11.0. By manipulating the contentString parameter in the openFor...

CVE-2025-11139

MEDIUM CVSS 6.3 Sep 29, 2025

This is a path traversal vulnerability in Bjskzy Zhiyou ERP that allows attackers to manipulate file paths in the uploadStudioFile function. Remote exploitation could enable unauthorized file access o...

CVE-2025-9391

MEDIUM CVSS 6.3 Aug 24, 2025

This CVE describes a SQL injection vulnerability in Bjskzy Zhiyou ERP software up to version 11.0. Attackers can remotely exploit the getFieldValue function in the workflow component to execute arbitr...