156 matches found
Jinher OA - SQL Injection
jinher jinheroa is an office automation software that facilitates workflow management and collaboration within organizations. It sits in the enterprise layer of the tech stack, is typically deployed as selfhosted, and—within the informationtechnology industry—serves the businessapps domain. id:...
CVE-2026-15517
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be...
CVE-2026-15517 Jinher OA PlanGiveOut.aspx sql injection
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be...
CVE-2026-15517
CVE-2026-15517 affects Jinher OA 1.0. The vulnerability resides in an unknown function within the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx, where manipulation of the httpOID argument enables a SQL injection. Remote exploitation is possible, and an exploit has been published. The vendor ...
CVE-2026-11412
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
CVE-2026-11435
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-11435
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-11435
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-11435
The vulnerability CVE-2026-11435 affects Jinher OA 1.0, specifically the nextselectplan.aspx file. The issue stems from manipulating the httpOID argument, enabling a SQL injection. It is a network-accessible flaw with LOW confidentiality, integrity, and availability impacts per the CVSS, and has ...
EUVD-2026-34970
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-11412
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
CVE-2026-11412 Jinher OA GetFormSn.aspx sql injection
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
CVE-2026-11412
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
EUVD-2026-34967
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
CVE-2026-11412 Jinher OA GetFormSn.aspx sql injection
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
CVE-2026-11412
The CVE-2026-11412 entry describes a SQL injection weakness in Jinher OA C6, via GetFormSn.aspx at /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. The vulnerability is exploitable by manipulating the queryID parameter from remote, with exploit code publicly available. Affected component is an unknown ...
PT-2026-47157
Name of the Vulnerable Software and Affected Versions Jinher OA version 1.0 Description An issue in the file 'nextselectplan.aspx' allows for remote SQL injection. This occurs through the manipulation of the httpOID parameter. SQL injection is a technique where an attacker inserts malicious SQL...
PT-2026-47152
Name of the Vulnerable Software and Affected Versions Jinher OA C6 affected versions not specified Description A SQL injection flaw exists in the file '/C6/JHSoft.Web.ModuleCount/GetFormSn.aspx'. A remote attacker can exploit this by manipulating the queryID argument. SQL injection is a technique...