2025-08-21 00:00:00
mitre
PUBLISHED
Incorrect access control in the component controllerUserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.