PT-2025-36451 · Jinher Oa · Jinher Oa
Abc_123456 · Published 2025-09-08 · Updated 2026-02-12 · CVE-2025-10090
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Jinher OA versions prior to 1.3
Description:
A flaw has been found in Jinher OA up to version 1.2. The issue involves SQL injection in an unknown function within the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Manipulation of the ID argument can trigger the injection. The attack can be launched remotely.
Recommendations:
Update Jinher OA to version 1.3 or later.
As a temporary workaround, restrict access to the /C6/Jhsoft.Web.departments/GetTreeDate.aspx file.
Avoid using the ID parameter in the affected file until the issue is resolved.
Exploit
Fix
Special Elements Injection
SQL injection
Affected Products
Jinher Oa