CVE-2025-10090 PoC — Jinher OA SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-10090.yaml

Associated Vulnerability

Title:Jinher OA SQL注入漏洞 (CVE-2025-10090)
Description:Jinher OA是中国金和（Jinher）公司的一款协同管理软件。 Jinher OA 1.2及之前版本存在SQL注入漏洞，该漏洞源于/C6/Jhsoft.Web.departments/GetTreeDate.aspx文件参数处理不当，可能导致SQL注入攻击。

Description

jinher jinher_oa is an office automation software that facilitates workflow management and collaboration within organizations. It sits in the enterprise layer of the tech stack, is typically deployed as self_hosted, and—within the information_technology industry—serves the business_apps domain.

File Snapshot


 id: CVE-2025-10090

info:
  name: Jinher OA - SQL Injection
  author: DhiyaneshDk
  severity: high
 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!