96 matches found
Jinher OA - SQL Injection
jinher jinheroa is an office automation software that facilitates workflow management and collaboration within organizations. It sits in the enterprise layer of the tech stack, is typically deployed as selfhosted, and—within the informationtechnology industry—serves the businessapps domain. id:...
CVE-2026-11435
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-11435
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-11435
The vulnerability CVE-2026-11435 affects Jinher OA 1.0, specifically the nextselectplan.aspx file. The issue stems from manipulating the httpOID argument, enabling a SQL injection. It is a network-accessible flaw with LOW confidentiality, integrity, and availability impacts per the CVSS, and has ...
CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-11412
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
CVE-2026-11412
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
CVE-2026-11412 Jinher OA GetFormSn.aspx sql injection
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
CVE-2026-11412
The CVE-2026-11412 entry describes a SQL injection weakness in Jinher OA C6, via GetFormSn.aspx at /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. The vulnerability is exploitable by manipulating the queryID parameter from remote, with exploit code publicly available. Affected component is an unknown ...
EUVD-2026-34967
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
PT-2026-47157
Name of the Vulnerable Software and Affected Versions Jinher OA version 1.0 Description An issue in the file 'nextselectplan.aspx' allows for remote SQL injection. This occurs through the manipulation of the httpOID parameter. SQL injection is a technique where an attacker inserts malicious SQL...
CVE-2026-7670 Jinher OA UserSel.aspx sql injection
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...
EUVD-2026-26803
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...
CVE-2026-7670
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...
CVE-2026-7670 Jinher OA UserSel.aspx sql injection
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...
CVE-2026-7670
Jinher OA 1.0 is affected by CVE-2026-7670 due to a SQL injection in the unknown function of /C6/JHSoft.Web.PlanSummarize/UserSel.aspx via the DeptIDList argument. Exploit maturity is shown as PROOF-OF-CONCEPT, and exploitation is possible remotely with no user interaction. The vulnerability has ...
CVE-2026-2963 Jinher OA C6 OfficeSupplyTypeRight.aspx sql injection
A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...
CVE-2026-2963 Jinher OA C6 OfficeSupplyTypeRight.aspx sql injection
A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...
PT-2026-21478
A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...
CVE-2025-11341
A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. Th...