提交 #849470: Jinher OA V1.0 SQL Injection信息

标题Jinher OA V1.0 SQL Injection
描述A critical SQL injection vulnerability has been discovered in the PlanGiveOut.aspx component of Jinher OA. The affected parameter is httpOID, which is used to retrieve or manipulate plan-related data. Due to improper sanitization of user-supplied input before incorporating it into SQL queries, an attacker can inject arbitrary SQL commands into the backend database. This flaw is especially dangerous because it does not require any form of authentication — even unauthenticated remote attackers can exploit it by sending specially crafted HTTP requests to the vulnerable endpoint.
来源⚠️ https://github.com/weini587/CVE/issues/1
用户
 weini123 (UID 98786)
提交2026-06-05 16時10分 (1 月前)
管理2026-07-12 13時08分 (1 month later)
状态已接受
VulDB条目377846 [Jinher OA 1.0 PlanGiveOut.aspx httpOID SQL注入]
积分20

Might our Artificial Intelligence support you?

Check our Alexa App!