6 matches found
CVE-2025-10987
A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...
CVE-2025-10987
YunaiV yudao-cloud (HTTP Request Handler) is affected by CVE-2025-10987 due to improper authorization in the /crm/contact/transfer file where the contactId parameter can be manipulated. The issue enables a remote attack and has publicly disclosed exploits. Multiple feeds confirm the vulnerability...
CVE-2025-10278
A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and...
CVE-2025-10278
A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and...
CVE-2025-10278 YunaiV ruoyi-vue-pro transfer improper authorization
A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and...
CVE-2025-10278
YunaiV ruoyi-vue-pro (versions up to 2025.09) contains an improper authorization flaw in the /crm/contact/transfer endpoint, caused by manipulation of the ids/newOwnerUserId argument. The issue is exploitable remotely and an exploit has been published. Multiple sources confirm the root cause is i...