| Titre | Jinher OA V1.2 SQL Injection |
|---|
| Description | A critical SQL injection vulnerability was discovered in Jinhe OA's /C6/Jhsoft.Web.departments/GetTreeDate.aspx component. The "id" parameter is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries on the backend database. |
|---|
| La source | ⚠️ https://github.com/Cstarplus/CVE/issues/1 |
|---|
| Utilisateur | abc_123456 (UID 89341) |
|---|
| Soumission | 30/08/2025 15:11 (il y a 9 mois) |
|---|
| Modérer | 08/09/2025 06:57 (9 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 323045 [Jinher OA jusqu’à 1.2 GetTreeDate.aspx ID injection SQL] |
|---|
| Points | 18 |
|---|