Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Jinher OA C6 allows remote code execution via OfficeSupplyTypeRight.aspx
CVE-2026-2963
Summary
A security flaw in Jinher OA C6 could allow an attacker to execute malicious code on a remote computer. This could potentially give them control over the system. It's recommended to install a patch as soon as possible to fix this issue.
Original title
A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of th...
Original description
A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. It is suggested to install a patch to address this issue. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026