RULE(RULE ID:338256)

Rule General Information
Release Date: 2024-07-16
Rule Name: Jinher OA C6 UploadFileDownLoadnew Arbitrary File Read Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Jinher OA is an office automation system developed by Jinhe Network Technology Co., Ltd. It provides integrated office management functions to help enterprises improve work efficiency, optimize workflows, and meet office automation needs such as document management, information publishing, and task collaboration. The Jinher OA C6 UploadFileDownLoadnew.xml interface has an arbitrary file read vulnerability that allows unauthenticated attackers to read important system files (such as database configuration files and system configuration files), leaving the website in an extremely insecure state.
Impact: An attacker could exploit this vulnerability with unspecified effect.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor for the software patch and apply the update.