CVE-2025-2587 MEDIUM

CVE-2025-2587: Jinher OA C6 IncentivePlanFulfillAppprove.aspx sql injection

Vendor Jinher

Product OA C6

Weakness CWE-89 · SQLi

Published March 21, 2025

Last update March 21, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as critical, was found in Jinher OA C6 1.0. This affects an unknown part of the file IncentivePlanFulfillAppprove.aspx. The manipulation of the argument httpOID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

March 21, 2025 CVE published

March 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-2587 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2024-10618 Tongda OA 2017 record_detail.php sql injection CVE-2023-50839 WordPress JS Help Desk – Best Help Desk & Support Plugin <= 2.8.1 is vulnerable to SQL Injection CVE-2024-1820 code-projects Crime Reporting System inchargelogin.php sql injection CVE-2023-2050 Campcodes Advanced Online Voting System positions_add.php sql injection CVE-2025-2074 Advanced Google reCAPTCHA <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter