'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:jinher_oa_c6_editeprint.aspx_arbitrary_file_upload_vul(Rule ID:1070210370)

Release Date2025/9/15

Rule NameJinher OA C6 editeprint.aspx Arbitrary File Upload Vulnerability

Severity:high

CVE ID

 

Descripiton

The Jinher OA C6 platform is an enterprise management software launched by Jinhe Software Company that integrates multiple office automation functions. It aims to improve the office efficiency and management level of enterprises by providing comprehensive information solutions. The editprint.aspx interface contains an arbitrary file upload vulnerability. Attackers can exploit this vulnerability to upload malicious files to the server, enabling them to execute arbitrary code on the server and gain control over the target system. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.