CVE-2026-11435

Name of the Vulnerable Software and Affected Versions Jinher OA version 1.0

Description An issue in the file 'nextselectplan.aspx' allows for remote SQL injection. This occurs through the manipulation of the httpOID parameter. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to read or modify sensitive database information.

Recommendations Avoid using the httpOID parameter in the 'nextselectplan.aspx' file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.