Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable, unauthenticated SQL injection with no user interaction; C:H and I:H reflect typical full database read/write capability of unmitigated SQLi; A:L as application disruption is secondary.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
SQL injection in Jinher OA 1.0 exposes the PlanGiveOut.aspx endpoint to remote unauthenticated exploitation via the unsanitized httpOID parameter, enabling database enumeration, data exfiltration, and record manipulation. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no prerequisites beyond network access. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No authentication is required - the CVSS 4.0 vector PR:N and UI:N confirm unauthenticated, no-interaction exploitation. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 6.9 (Medium) with VC:L/VI:L/VA:L reflects a conservative partial-impact rating, but this likely understates realistic risk: SQL injection in an OA backend typically permits full database table read and write, not merely limited access, unless row-level security or stored procedure isolation is in place - neither of which is indicated by available data. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network access to a Jinher OA 1.0 instance sends a crafted HTTP GET or POST request to `/C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx` with a SQL payload injected into the `httpOID` parameter (e.g., `httpOID=1' UNION SELECT table_name,NULL FROM information_schema.tables--`). Using the publicly available POC on GitHub as a reference, the attacker enumerates database tables and extracts employee records, credentials, or plan data stored in the OA backend. … |
| Remediation | No vendor-released patch has been identified at time of analysis - the vendor did not respond to coordinated disclosure. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
SQL injection in Jinher OA 1.0 allows remote unauthenticated attackers to manipulate the httpOID parameter of nextselect
SQL injection in Jinher OA 1.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the DeptIDL
SQL injection in Jinher OA C6's GetFormSn.aspx endpoint allows remote low-privilege authenticated attackers to manipulat
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43259
GHSA-g9x4-g2rg-r435