| Titel | Jinhe OA V1.0 SQL Injection |
|---|
| Beschreibung | A severe SQL injection vulnerability was discovered in the UserSel.aspx component during testing of Jinhe OA. The "DeptIDList" parameter is vulnerable to SQL injection attacks, enabling unauthorized attackers to execute arbitrary SQL queries on the backend database, which could potentially lead to remote code execution under certain conditions.
|
|---|
| Quelle | ⚠️ https://github.com/zzlln/cvecve/issues/1 |
|---|
| Benutzer | ZLNZLN (UID 97174) |
|---|
| Einreichung | 08.04.2026 08:59 (vor 2 Monaten) |
|---|
| Moderieren | 02.05.2026 10:07 (24 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 360818 [Jinher OA 1.0 UserSel.aspx DeptIDList SQL Injection] |
|---|
| Punkte | 19 |
|---|