PT-2026-21478 · Jinher · Jinher Oa C6
Smitug01
·
Publicado
2026-02-23
·
Atualizado
2026-02-23
·
CVE-2026-2963
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Jinher OA C6 versions prior to 20260210
Description
A flaw exists in Jinher OA C6 that allows for SQL injection. The issue stems from improper handling of input in the
/C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx file. Specifically, manipulation of the id and offsnum arguments can lead to SQL injection. This allows for remote exploitation. The details of the exploit have been publicly disclosed.Recommendations
Install a patch to address this vulnerability.
Exploit
Correção
SQL injection
Special Elements Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Jinher Oa C6