{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-11412","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-06-05T18:38:42.901Z","datePublished":"2026-06-06T11:00:12.400Z","dateUpdated":"2026-06-06T11:00:12.400Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-06-06T11:00:12.400Z"},"title":"Jinher OA GetFormSn.aspx sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"Jinher","product":"OA","versions":[{"version":"C6","status":"affected"}],"cpes":["cpe:2.3:a:jinher:oa:*:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-06-05T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-06-05T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-06-06T08:55:19.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"MichaelChong (VulDB User)","type":"reporter"},{"lang":"en","value":"MichaelChong (VulDB User)","type":"analyst"},{"lang":"en","value":"VulDB CNA Team","type":"coordinator"}],"references":[{"url":"https://vuldb.com/vuln/368969","name":"VDB-368969 | Jinher OA GetFormSn.aspx sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/vuln/368969/cti","name":"VDB-368969 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/cve/CVE-2026-11412","name":"CVE-2026-11412 | CVE Analysis and Report","tags":["third-party-advisory"]},{"url":"https://vuldb.com/submit/819943","name":"Submit #819943 | Beijing Jinhe Network Co., LTD Jin and OA C6 SQL Injection","tags":["third-party-advisory"]},{"url":"https://github.com/MichaelZhuang521/cve/issues/3","tags":["exploit","issue-tracking"]}]}}}