CVE-2026-2963

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Jinher OA C6 versions prior to 20260210

Description A flaw exists in Jinher OA C6 that allows for SQL injection. The issue stems from improper handling of input in the /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx file. Specifically, manipulation of the id and offsnum arguments can lead to SQL injection. This allows for remote exploitation. The details of the exploit have been publicly disclosed.

Recommendations Install a patch to address this vulnerability.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-2963

Affected Products

Jinher Oa C6

CVE-2026-2963

Weakness Enumeration

Related Identifiers

Affected Products

References · 10