CVE-2026-11435
Description
Jinher OA 1.0 is vulnerable to SQL injection via the httpOID parameter in nextselectplan.aspx, allowing remote attackers to access sensitive data or execute code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Jinher OA 1.0 is vulnerable to SQL injection via the httpOID parameter in nextselectplan.aspx, allowing remote attackers to access sensitive data or execute code.
Vulnerability
A SQL injection vulnerability exists in Jinher OA version 1.0, specifically within the /C6/JHSoft.Web.PlanSummarize/nextselectplan.aspx file. The httpOID parameter is directly concatenated into SQL queries without proper sanitization, enabling attackers to manipulate database commands [1].
Exploitation
An attacker can exploit this vulnerability remotely by sending a crafted HTTP GET request to the nextselectplan.aspx endpoint. The request must include a malicious value in the httpOID parameter, which is then used to inject SQL code. No authentication is required to perform this attack [1].
Impact
Successful exploitation allows an attacker to execute arbitrary SQL commands on the backend database. This can lead to unauthorized access to sensitive user and business data, potential privilege escalation, and in some cases, remote code execution on the database server, potentially resulting in a complete compromise of the OA system and its data [1].
Mitigation
No specific patch or fixed version has been disclosed by the vendor, Jinher Network, who did not respond to the vulnerability disclosure. As of the available information, there are no known workarounds or official mitigation steps. The vendor was contacted but did not provide a response [1].
AI Insight generated on Jun 6, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The 'httpOID' parameter is directly concatenated into SQL queries without proper validation or parameterization, allowing attackers to execute arbitrary SQL commands [ref_id=1]."
Attack vector
An unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP GET request to the vulnerable endpoint. The request targets the 'nextselectplan.aspx' file and manipulates the 'httpOID' parameter with SQL injection payloads. This allows the attacker to execute arbitrary SQL queries on the backend database, potentially leading to data exfiltration or system compromise [ref_id=1]. The attack can be launched remotely and requires no prior authentication.
Affected code
The vulnerability resides in the '/C6/JHSoft.Web.PlanSummarize/nextselectplan.aspx' file within Jinher OA V1.0. Specifically, the 'httpOID' parameter is directly used in SQL queries without sanitization [ref_id=1].
What the fix does
The advisory does not specify any fixes or patches. However, it recommends implementing parameterized queries using prepared statements and applying strict input validation and filtering for all user inputs to mitigate this SQL injection vulnerability [ref_id=1]. Enforcing the principle of least privilege for database accounts and conducting comprehensive code security audits are also suggested as remediation steps [ref_id=1].
Preconditions
- authNo authentication is required to exploit this vulnerability [ref_id=1].
- networkThe attack can be launched remotely over HTTP [ref_id=1].
Reproduction
GET /C6/JHSoft.Web.PlanSummarize/nextselectplan.aspx/Selectnext?httpOID=1;WAITFOR+DELAY+'0:0:5'-- HTTP/1.1 Host: 123.56.162.103:88 Accept-Language: zh-CN,zh;q=0.9 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Cookie: ASP.NET_SessionId=woqhdwkih2whsz02t3cmubzu Connection: keep-alive [ref_id=1]
Generated on Jun 6, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5News mentions
0No linked articles in our index yet.