Afish

**Name of the Vulnerable Software and Affected Versions** Jinher OA C6 version 1.0 **Description** A critical issue was found in the file IncentivePlanFulfillAppprove.aspx, where the manipulation of the `httpOID` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. **Recommendations** For Jinher OA C6 version 1.0, as a temporary workaround, consider restricting access to the IncentivePlanFulfillAppprove.aspx file until a patch is available. Avoid using the `httpOID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System version 1.0 **Description** A critical issue affects the HTTP Header Handler component, specifically the file /Kfxt/Service.asmx. The manipulation of the `X-Forwarded-For` argument leads to SQL injection. This issue may be exploited remotely. The exploit has been disclosed publicly, and the vendor was contacted but did not respond. **Recommendations** As a temporary workaround, consider restricting access to the `/Kfxt/Service.asmx` endpoint until a patch is available. Avoid using the `X-Forwarded-For` argument in the affected HTTP Header Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.