Skip to main content

Jinher OA C6 EUVD-2026-34967

| CVE-2026-11412 LOW
SQL Injection (CWE-89)
2026-06-06 VulDB GHSA-5422-5257-mh57
SQLi Oa
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 06, 2026 - 11:30 vuln.today
Severity Changed
Jun 06, 2026 - 11:22 NVD
MEDIUM LOW
CVSS changed
Jun 06, 2026 - 11:22 NVD
6.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

SQL injection in Jinher OA C6's GetFormSn.aspx endpoint allows remote low-privilege authenticated attackers to manipulate the queryID parameter, potentially reading, modifying, or deleting backend database records. A public proof-of-concept exploit is available on GitHub, lowering the barrier to exploitation. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege OA credentials
Exploit
Send crafted HTTP GET/POST to GetFormSn.aspx
Execution
Inject SQL payload via queryID parameter
Impact
Extract or tamper with backend database records
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Low-privilege authentication is required - the CVSS vector PR:L confirms that unauthenticated exploitation is not supported by available data. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 2.1 (Low) is driven by the limited impact metrics: VC:L/VI:L/VA:L reflect only low confidentiality, integrity, and availability impact - likely reflecting constrained query scope rather than full database compromise. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privilege Jinher OA account crafts an HTTP request to /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx, injecting SQL payloads into the queryID parameter based on the publicly available POC at https://github.com/MichaelZhuang521/cve/issues/3. Depending on the database account's permissions, the attacker can enumerate table structures, extract user credentials or sensitive business data, or manipulate records. …
Remediation No vendor-released patch has been identified at time of analysis - the vendor did not respond to responsible disclosure, and no fix version exists in available data. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-34967 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy