A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2ApplicationCWE-89CWE-74
Jinher OA nextselectplan.aspx sql injection
Problem type
Affected products
Jinher
OA
1.0 - AFFECTED
References
VDB-369015 | Jinher OA nextselectplan.aspx sql injection
https://vuldb.com/vuln/369015
VDB-369015 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/369015/cti
CVE-2026-11435 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11435
Submit #822114 | Jinher OA V1.0 SQL Injection
https://vuldb.com/submit/822114
github.com
https://github.com/Mr-Elymas/cve_submit/issues/1
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-11435Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-11435",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-06-06T15:15:09.677Z",
"dateReserved": "2026-06-05T22:08:29.266Z",
"datePublished": "2026-06-06T15:15:09.677Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-06-06T15:15:09.677Z"
},
"title": "Jinher OA nextselectplan.aspx sql injection",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "Jinher",
"product": "OA",
"cpes": [
"cpe:2.3:a:jinher:oa:*:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "1.0",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "SQL Injection",
"cweId": "CWE-89",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Injection",
"cweId": "CWE-74",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/369015",
"name": "VDB-369015 | Jinher OA nextselectplan.aspx sql injection",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/vuln/369015/cti",
"name": "VDB-369015 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/cve/CVE-2026-11435",
"name": "CVE-2026-11435 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://vuldb.com/submit/822114",
"name": "Submit #822114 | Jinher OA V1.0 SQL Injection",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/Mr-Elymas/cve_submit/issues/1",
"tags": [
"exploit",
"issue-tracking"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"baseScore": 7.5
}
}
],
"timeline": [
{
"time": "2026-06-05T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-06-06T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-06-06T00:13:32.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "Elymas (VulDB User)",
"type": "reporter"
},
{
"lang": "en",
"value": "VulDB CNA Team",
"type": "coordinator"
}
]
}
}
}