| Título | Beijing Jinhe Network Co., LTD Jin and OA C6 SQL Injection |
|---|
| Descrição | The cause of SQL injection vulnerabilities is that the website application does not verify the validity of the data submitted by users to the server (such as type, length, validity of business parameters, etc.), and does not effectively filter the data input by users with special characters. As a result, the user's input is directly executed in the database, which exceeds the expected original design result of the SQL statement, leading to SQL injection Enter the loophole. Gold and OA no correct filtering "/ C6/JHSoft.Web.ModuleCount/GetFormSn aspx" QueryID parameter in the content, lead to generate SQL injection. |
|---|
| Fonte | ⚠️ https://github.com/MichaelZhuang521/cve/issues/3 |
|---|
| Utilizador | MichaelChong (UID 83981) |
|---|
| Submissão | 06/05/2026 04h59 (há 1 mês) |
|---|
| Moderação | 05/06/2026 20h38 (1 month later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 368969 [Jinher OA C6 GetFormSn.aspx queryID Injeção SQL] |
|---|
| Pontos | 20 |
|---|