| Título | Jinhe OA V1.0 SQL Injection |
|---|
| Descrição | A severe SQL injection vulnerability was discovered in the UserSel.aspx component during testing of Jinhe OA. The "DeptIDList" parameter is vulnerable to SQL injection attacks, enabling unauthorized attackers to execute arbitrary SQL queries on the backend database, which could potentially lead to remote code execution under certain conditions.
|
|---|
| Fonte | ⚠️ https://github.com/zzlln/cvecve/issues/1 |
|---|
| Utilizador | ZLNZLN (UID 97174) |
|---|
| Submissão | 08/04/2026 08h59 (há 2 meses) |
|---|
| Moderação | 02/05/2026 10h07 (24 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 360818 [Jinher OA 1.0 UserSel.aspx DeptIDList Injeção SQL] |
|---|
| Pontos | 19 |
|---|