| Название | Beijing Jinhe Network Co., LTD Jin and OA C6 SQL Injection |
|---|
| Описание | The cause of SQL injection vulnerabilities is that the website application does not verify the validity of the data submitted by users to the server (such as type, length, validity of business parameters, etc.), and does not effectively filter the data input by users with special characters. As a result, the user's input is directly executed in the database, which exceeds the expected original design result of the SQL statement, leading to SQL injection Enter the loophole. Gold and OA no correct filtering "/ C6/JHSoft.Web.ModuleCount/GetFormSn aspx" QueryID parameter in the content, lead to generate SQL injection. |
|---|
| Источник | ⚠️ https://github.com/MichaelZhuang521/cve/issues/3 |
|---|
| Пользователь | MichaelChong (UID 83981) |
|---|
| Представление | 06.05.2026 04:59 (1 месяц назад) |
|---|
| Модерация | 05.06.2026 20:38 (1 month later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 368969 [Jinher OA C6 GetFormSn.aspx queryID SQL-инъекция] |
|---|
| Баллы | 20 |
|---|