| 제목 | Beijing Jinhe Network Co., LTD Jin and OA C6 SQL Injection |
|---|
| 설명 | The cause of SQL injection vulnerabilities is that the website application does not verify the validity of the data submitted by users to the server (such as type, length, validity of business parameters, etc.), and does not effectively filter the data input by users with special characters. As a result, the user's input is directly executed in the database, which exceeds the expected original design result of the SQL statement, leading to SQL injection Enter the loophole. Gold and OA no correct filtering "/ C6/JHSoft.Web.ModuleCount/GetFormSn aspx" QueryID parameter in the content, lead to generate SQL injection. |
|---|
| 원천 | ⚠️ https://github.com/MichaelZhuang521/cve/issues/3 |
|---|
| 사용자 | MichaelChong (UID 83981) |
|---|
| 제출 | 2026. 05. 06. AM 04:59 (1 월 ago) |
|---|
| 모더레이션 | 2026. 06. 05. PM 08:38 (1 month later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 368969 [Jinher OA C6 GetFormSn.aspx queryID SQL 주입] |
|---|
| 포인트들 | 20 |
|---|