CVE-2026-11412 | Jinher OA C6 GetFormSn.aspx queryID sql injection

Inserito da Angelo Barbosa | Giu 5, 2026 | CVE

A vulnerability described as critical has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection.

This vulnerability appears as CVE-2026-11412. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-11412 | Jinher OA C6 GetFormSn.aspx queryID sql injection

Post correlati

CVE-2025-23413 | F5 BIG-IP Next Central Manager 20.0.1/20.0.2/20.1.0/20.2.0/20.2.1 webUI/API log file (K000149185)

CVE-2025-8859 | code-projects eBlog Site 1.0 File Upload save-slider.php unrestricted upload

CVE-2023-41015 | code-projects Online Job Portal 1.0 DeleteJob.php sql injection

CVE-2025-52136 | EMQX up to 5.8.5 Novel Plugin unusual condition