
web_app:jinherOA_DownLoadBgImage_file_access(Rule ID:1070210530)

Release Date: 2025/9/15

Rule Name: Jinher OA C6 DownLoadBgImage Arbitrary File Access Vulnerability

Severity: high

CVE ID

 

Description

Jinher OA C6 is a collaborative management platform that supports on-demand customization and expansion. Built around a process engine, it enables governments and enterprises to quickly build visual, mobile, low-code intelligent office systems. Jinher OA C6 has an arbitrary file read vulnerability that allows unauthorized attackers to read arbitrary files on the server through the DownLoadBgImage endpoint. This rule supports defending against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor's patches.