| Title | Beijing Jinhe Network Co., LTD Jin and OA C6 SQL Injection |
|---|---|
| Description | The cause of SQL injection vulnerabilities is that the website application does not verify the validity of the data submitted by users to the server (such as type, length, and validity of business parameters) and does not effectively filter special characters in user input. As a result, the user's input is executed directly in the database, which goes beyond the result the SQL statement was originally designed to produce and leads to a SQL injection vulnerability. Jinher OA does not correctly filter the content of the QueryID parameter in "/C6/JHSoft.Web.ModuleCount/GetFormSn.aspx", which results in SQL injection. |
| Source | https://github.com/MichaelZhuang521/cve/issues/3 |
| User | MichaelChong (UID 83981) |
| Submission | 06/05/2026 04:59 AM (1 month ago) |
| Moderation | 05/06/2026 08:38 PM (1 month later) |
| Status | Accepted |
| VulDB Entry | 368969 [Jinher OA C6 GetFormSn.aspx queryID SQL injection] |
| Points | 20 |