A vulnerability classified as critical has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql injection.
This vulnerability is registered as CVE-2026-15517. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.