CVE-2026-11412 | Jinher OA C6 GetFormSn.aspx queryID sql injection
摘要
A vulnerability described as <a href="https://vuldb.com/kb/risk">critical</a> has been identified in <a href="https://vuldb.com/product/jinher:oa">Jinher OA C6</a>. The affected element is an unknown function of the file <em>/C6/JHSoft.Web.ModuleCount/GetFormSn.aspx</em>. Executing a manipulation of the argument <em>queryID</em> can lead to sql injection. This vulnerability appears as <a href="https://vuldb.com/cve/CVE-2026-11412">CVE-2026-11412</a>. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
标签
- CVE-2026-11412
扩展字段
{
"raw_pub_date": "Fri, 05 Jun 2026 20:43:46 +0200"
}