| tiêu đề | Beijing Jinhe Network Co., LTD Jin and OA C6 SQL Injection |
|---|
| Mô tả | The cause of SQL injection vulnerabilities is that the website application does not verify the validity of the data submitted by users to the server (such as type, length, validity of business parameters, etc.), and does not effectively filter the data input by users with special characters. As a result, the user's input is directly executed in the database, which exceeds the expected original design result of the SQL statement, leading to SQL injection Enter the loophole. Gold and OA no correct filtering "/ C6/JHSoft.Web.ModuleCount/GetFormSn aspx" QueryID parameter in the content, lead to generate SQL injection. |
|---|
| Nguồn | ⚠️ https://github.com/MichaelZhuang521/cve/issues/3 |
|---|
| Người dùng | MichaelChong (UID 83981) |
|---|
| Đệ trình | 06/05/2026 04:59 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 05/06/2026 20:38 (1 month later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 368969 [Jinher OA C6 GetFormSn.aspx queryID Tiêm SQL] |
|---|
| điểm | 20 |
|---|