| शीर्षक | Jinher OA V1.0 SQL Injection |
|---|
| विवरण | A critical SQL injection vulnerability exists in the nextselectplan.aspx component of Jinhe OA. The httpOID parameter, transmitted via HTTP GET request, is directly concatenated into SQL queries without any input validation, filtering, or parameterized query handling. This allows unauthenticated attackers to inject arbitrary SQL commands by simply crafting a malicious GET request with a specially designed httpOID value. Exploitation requires no authentication, no prior access to the system, and no special privileges. An attacker can exploit this vulnerability remotely by sending a single HTTP GET request to the vulnerable endpoint |
|---|
| स्रोत | ⚠️ https://github.com/Mr-Elymas/cve_submit/issues/1 |
|---|
| उपयोगकर्ता | Elymas (UID 98074) |
|---|
| सबमिशन | 07/05/2026 05:54 PM (1 महीना पहले) |
|---|
| संयम | 06/06/2026 12:08 AM (29 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 369015 [Jinher OA 1.0 nextselectplan.aspx httpOID SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|