Elymas

**Name of the Vulnerable Software and Affected Versions** Jinher OA version 1.0 **Description** An issue in the file 'nextselectplan.aspx' allows for remote SQL injection. This occurs through the manipulation of the `httpOID` parameter. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to read or modify sensitive database information. **Recommendations** Avoid using the `httpOID` parameter in the 'nextselectplan.aspx' file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit topic.php. Such manipulation of the argument topic id leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.