3 matches found
Jinher OA - SQL Injection
jinher jinheroa is an office automation software that facilitates workflow management and collaboration within organizations. It sits in the enterprise layer of the tech stack, is typically deployed as selfhosted, and—within the informationtechnology industry—serves the businessapps domain. id:...
CVE-2025-10090
A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be us...
CVE-2025-10090
Jinher OA contains a SQL injection vulnerability in the GetTreeDate.aspx file (parameter ID). Impact: remote attacker could execute arbitrary SQL; exploit publicly published. Affected versions: up to 1.2 per CVE context; remediation: upgrade to 1.3 or later. Temporary mitigations include restrict...