{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/oa-1.0/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7670"}],"_cs_exploited":false,"_cs_products":["OA 1.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2026-7670","web-application"],"_cs_type":"threat","_cs_vendors":["Jinher"],"content_html":"\u003cp\u003eA SQL injection vulnerability, identified as CVE-2026-7670, affects Jinher OA 1.0, a web-based office automation software. The vulnerability resides within the /C6/JHSoft.Web.PlanSummarize/UserSel.aspx file, specifically in how the application handles the \u0026lsquo;DeptIDList\u0026rsquo; argument. An unauthenticated remote attacker can manipulate this argument to inject malicious SQL code into database queries. The vulnerability was reported to the vendor; however, there has been no response, and an exploit is publicly available. 
This lack of response and the availability of an exploit increase the risk to organizations using the affected Jinher OA 1.0.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a Jinher OA 1.0 instance exposed to the internet.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP GET or POST request targeting the \u003ccode\u003e/C6/JHSoft.Web.PlanSummarize/UserSel.aspx\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe request includes a modified \u003ccode\u003eDeptIDList\u003c/code\u003e parameter containing SQL injection payloads.\u003c/li\u003e\n\u003cli\u003eThe server-side application fails to properly sanitize or validate the \u003ccode\u003eDeptIDList\u003c/code\u003e input.\u003c/li\u003e\n\u003cli\u003eThe unsanitized input is passed directly into a SQL query executed against the underlying database.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed by the database server, potentially allowing the attacker to bypass authentication, extract sensitive data, or modify data.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves sensitive information, such as user credentials, internal configurations, or financial data, depending on the database structure and injected SQL commands.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages compromised data to gain further access, escalate privileges, or conduct lateral movement within the organization\u0026rsquo;s network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2026-7670) can lead to unauthorized access to sensitive data, including user credentials, financial records, and internal communications. An attacker could potentially gain complete control over the affected Jinher OA 1.0 system and the underlying database. 
This could result in significant data breaches, financial losses, reputational damage, and disruption of business operations. Given the lack of vendor response, organizations using Jinher OA 1.0 are particularly vulnerable and should take immediate action to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for requests to \u003ccode\u003e/C6/JHSoft.Web.PlanSummarize/UserSel.aspx\u003c/code\u003e containing suspicious characters or SQL keywords within the \u003ccode\u003eDeptIDList\u003c/code\u003e parameter, as covered by the Sigma rule \u0026ldquo;Detect Jinher OA SQL Injection Attempt via DeptIDList\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to all user-supplied data, especially the \u003ccode\u003eDeptIDList\u003c/code\u003e parameter in \u003ccode\u003e/C6/JHSoft.Web.PlanSummarize/UserSel.aspx\u003c/code\u003e, to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Generic SQL Injection Attempt\u0026rdquo; to identify broader SQL injection attempts across your web applications.\u003c/li\u003e\n\u003cli\u003eGiven the vendor\u0026rsquo;s lack of response, consider isolating the affected Jinher OA 1.0 instance from the network or replacing it with a more secure alternative.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-02T23:16:16Z","date_published":"2026-05-02T23:16:16Z","id":"/briefs/2024-01-jinher-oa-sqli/","summary":"Jinher OA 1.0 is vulnerable to remote SQL injection via the DeptIDList parameter in the /C6/JHSoft.Web.PlanSummarize/UserSel.aspx file, potentially allowing attackers to execute arbitrary SQL queries.","title":"Jinher OA 1.0 SQL Injection Vulnerability (CVE-2026-7670)","url":"https://feed.craftedsignal.io/briefs/2024-01-jinher-oa-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — OA 
1.0","version":"https://jsonfeed.org/version/1.1"}