10 matches found
CVE-2025-1216
A vulnerability classified as critical has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to SQL injection. The attack may be initiated remotel...
ywoa SQL Injection Vulnerability
ywoa is an OA collaborative office system by bestfeng, an individual developer in China. A SQL injection vulnerability exists in ywoa version 2024.07.03 and earlier versions. It originates in the listNameBySql function of com/cloudweb/oa/mapper/xml/UserMapper.xml, which contains a SQL injection...
PT-2025-6862 · Ywoa · Ywoa
Name of the Vulnerable Software and Affected Versions: ywoa versions up to 2024.07.03 Description: A critical issue has been identified, affecting unknown code in the /oa/setup/setup.jsp file. This leads to improper authorization and can be exploited remotely. The issue has been publicly disclose...
CVE-2024-40555
Tmalldemo v2024.07.03 was discovered to contain an arbitrary file upload vulnerability...
CVE-2024-40560
Tmalldemo before v2024.07.03 was discovered to contain a SQL injection vulnerability...
Mini-Tmall Security Breach
Mini-Tmall is a Spring Boot based mini-Tmall mall that is quick to deploy and run, suitable for use as a Bijou template. A security vulnerability exists in Mini-Tmall version v2024.07.03. An attacker can exploit the vulnerability to upload arbitrary files via the component uploadUserHeadImage...
PT-2024-28920 · Unknown · Tmall Demo
Name of the Vulnerable Software and Affected Versions: Tmall demo version 2024.07.03 Description: The issue allows for an arbitrary file upload, which could potentially lead to unauthorized access or malicious activity. Recommendations: For version 2024.07.03, at the moment, there is no informati...
PT-2024-28919 · Unknown · Tmall Demo
Name of the Vulnerable Software and Affected Versions: Tmall demo version 2024.07.03 Description: The issue is related to an access control problem, which enables attackers to gain access to sensitive information. Recommendations: For Tmall demo version 2024.07.03, at the moment, there is no...
Mini-Tmall Security Breach
Mini-Tmall is a Spring Boot based mini-Tmall mall that is quick to deploy and run, suitable for use as a Bijou template. A security vulnerability exists in Mini-Tmall version v2024.07.03. An attacker can obtain sensitive information by exploiting the vulnerability...
PT-2024-28904 · Unknown · My-Springsecurity-Plus
Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the dataScope parameter at the "/api/user" API endpoint. Recommendations: For versions prior to...