Lucene search
K

96 matches found

Nuclei
Nuclei
added 8 hours ago14 views

Jinher OA - SQL Injection

jinher jinheroa is an office automation software that facilitates workflow management and collaboration within organizations. It sits in the enterprise layer of the tech stack, is typically deployed as selfhosted, and—within the informationtechnology industry—serves the businessapps domain. id:...

9.8CVSS6.7AI score0.03559EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/06/08 2:58 a.m.12 views

CVE-2026-11435

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

7.5CVSS7AI score0.00259EPSS
Exploits0References1
NVD
NVD
added 2026/06/06 4:16 p.m.9 views

CVE-2026-11435

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

7.5CVSS0.00259EPSS
Exploits0References5
CVE
CVE
added 2026/06/06 3:15 p.m.25 views

CVE-2026-11435

The vulnerability CVE-2026-11435 affects Jinher OA 1.0, specifically the nextselectplan.aspx file. The issue stems from manipulating the httpOID argument, enabling a SQL injection. It is a network-accessible flaw with LOW confidentiality, integrity, and availability impacts per the CVSS, and has ...

7.5CVSS7AI score0.00259EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/06 3:15 p.m.9 views

CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

7.5CVSS7AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 2026/06/06 11:16 a.m.12 views

CVE-2026-11412

A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...

6.5CVSS0.00196EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/06 11:0 a.m.8 views

CVE-2026-11412

A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/06 11:0 a.m.36 views

CVE-2026-11412 Jinher OA GetFormSn.aspx sql injection

A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...

6.5CVSS0.00196EPSS
Exploits0References5
CVE
CVE
added 2026/06/06 11:0 a.m.22 views

CVE-2026-11412

The CVE-2026-11412 entry describes a SQL injection weakness in Jinher OA C6, via GetFormSn.aspx at /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. The vulnerability is exploitable by manipulating the queryID parameter from remote, with exploit code publicly available. Affected component is an unknown ...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 11:0 a.m.12 views

EUVD-2026-34967

A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.14 views

PT-2026-47157

Name of the Vulnerable Software and Affected Versions Jinher OA version 1.0 Description An issue in the file 'nextselectplan.aspx' allows for remote SQL injection. This occurs through the manipulation of the httpOID parameter. SQL injection is a technique where an attacker inserts malicious SQL...

7.5CVSS7.3AI score0.00259EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/02 10:15 p.m.3 views

CVE-2026-7670 Jinher OA UserSel.aspx sql injection

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5CVSS5.6AI score0.00259EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/02 10:15 p.m.7 views

EUVD-2026-26803

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5CVSS5.6AI score0.00259EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/02 10:15 p.m.8 views

CVE-2026-7670

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/02 10:15 p.m.52 views

CVE-2026-7670 Jinher OA UserSel.aspx sql injection

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5CVSS0.00259EPSS
Exploits0References4
CVE
CVE
added 2026/05/02 10:15 p.m.20 views

CVE-2026-7670

Jinher OA 1.0 is affected by CVE-2026-7670 due to a SQL injection in the unknown function of /C6/JHSoft.Web.PlanSummarize/UserSel.aspx via the DeptIDList argument. Exploit maturity is shown as PROOF-OF-CONCEPT, and exploitation is possible remotely with no user interaction. The vulnerability has ...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/23 12:32 a.m.3 views

CVE-2026-2963 Jinher OA C6 OfficeSupplyTypeRight.aspx sql injection

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5CVSS5.2AI score0.00192EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/23 12:32 a.m.24 views

CVE-2026-2963 Jinher OA C6 OfficeSupplyTypeRight.aspx sql injection

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5CVSS0.00192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.6 views

PT-2026-21478

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References5
OSV
OSV
added 2025/10/06 5:16 p.m.3 views

CVE-2025-11341

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. Th...

9.8CVSS5.5AI score0.00477EPSS
Exploits1References4
Rows per page
Query Builder