4 matches found
CVE-2025-1224
creationtimestamp| type| source ---|---|--- 2025-02-12 19:37:55+00:00| seen| https://infosec.exchange/users/cve/statuses/113992602398671772 2025-02-12 20:16:01+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhyyi56a632x 2025-02-12 22:45:20+00:00| seen|...
CVE-2025-1224 ywoa UserMapper.xml listNameBySql sql injection
A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2025-1224 ywoa UserMapper.xml listNameBySql sql injection
A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2025-1224
CVE-2025-1224 affects the ywoa system (up to 2024.07.03) with an SQL injection in the function listNameBySql of com/cloudweb/oa/mapper/xml/UserMapper.xml. The vulnerability arises from how the SQL is constructed in listNameBySql, allowing remote attackers to manipulate queries. Public disclosures...