RULE(RULE ID:338406)

Rule General Information
Release Date: 2024-09-10
Rule Name: Jinher OA C6 GetSqlData.aspx SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: The Jinher OA C6 platform is an enterprise management software launched by Jinhe Software Company that integrates multiple office automation functions. It aims to improve the office efficiency and management level of enterprises by providing comprehensive information solutions. There is an SQL injection vulnerability in its GetSqlData.aspx endpoint, which allows attackers to execute malicious SQL code, potentially leading to data leaks, data corruption, service interruptions, and even complete control of the database server.
Impact: An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to update the software patch.