'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:339466)

Rule General Information
Release Date: 2025-09-16
Rule Name: Jinher OA TaskReportConfirm.aspx SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Jinhe Network is a professional information service provider, offering Internet + supervision solutions for urban regulatory authorities and services such as organizational collaboration OA system development platforms, e-government integration platforms, and smart e-commerce platforms for enterprises and public institutions. The TaskReportConfirm.aspx interface of the Jinher OA has an SQL injection vulnerability. Besides taking advantage of this vulnerability to obtain information in the database, attackers can even write Trojans into the server under high privileges to further gain system privileges of the server.
Impact: An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to update the software patch.