32 matches found
EUVD-2026-34970
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-11435
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
Jinher OA SQL注入漏洞
Jinher OA is a collaborative management software developed by Jinher Company in China. Version 1.0 of Jinher OA contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter httpOID in the file nextselectplan.aspx, which may lead to SQL injection...
CVE-2026-7670
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...
Jinher OA 注入漏洞
Jinher OA is a collaborative management software developed by Jinher Corporation in China. Version 1.0 of Jinher OA contains a SQL injection vulnerability. This vulnerability stems from the operation of an unknown function on the parameter DeptIDList within the file...
VulnCheck KEV: CVE-2025-10090
A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be us...
CVE-2026-2963
A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...
CVE-2026-2963
A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...
CVE-2026-2963
Jinher OA C6 (up to 20260210) is affected by an injection in OfficeSupplyTypeRight.aspx via manipulation of id/offsnum leading to SQL injection. Remote attack possible; exploit publicly disclosed. Patch is recommended to address the issue.
Jinher OA C6 SQL注入漏洞
Jinher OA C6 is a digital office platform developed by Jinher Corporation. Versions of Jinher OA C6 prior to 20260210 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “id” or “offsnum” in the file...
CVE-2025-11341
A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The...
CVE-2025-11341
A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. Th...
EUVD-2025-32568
A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. Th...
PT-2025-40917
Name of the Vulnerable Software and Affected Versions Jinher OA versions prior to 2.0 Description A security flaw exists in Jinher OA. The issue involves xml external entity reference within an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo=1...
EUVD-2025-30447
Malicious code in bioql PyPI...
CVE-2025-11035
A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. The attack can be initiated remotely. The exploit has been publicly...
CVE-2025-11035
CVE-2025-11035 affects Jinher OA 2.0. The vulnerability originates from an XML External Entity (XXE) reference in the code path related to the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This allows remote abuse without user interaction. The issue is described across ...
PT-2025-39082
Name of the Vulnerable Software and Affected Versions Jinher OA version 2.0 Description A security flaw exists in Jinher OA 2.0 related to the XML Handler component. Manipulation of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl=add can lead to xml external entity...
Jinher OA 代码问题漏洞
Jinher OA is a collaborative management software from Jinher, China. A code issue vulnerability exists in Jinher OA version 2.0, which stems from incorrect operation of the XML processing component in file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx, which could lead to an XML external...