CVE-2025-25589

An XML external entity XXE injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file...

CVE-2025-25582

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList method at /xml/OaNoticeMapper.xml...

CVE-2025-25590

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml...

yimioa 安全漏洞

yimioa CloudNet OA is a locally deployed OA software by rabbit individual developers. A security vulnerability exists in versions prior to yimioa v2024.07.04, which stems from improper access control of the WebSecurityConfig component and allows an unauthorized attacker to arbitrarily change the...

yimioa 安全漏洞

yimioa CloudNet OA is a locally deployed OA software by rabbit personal developer. A security vulnerability exists in yimioa versions prior to v2024.07.04, which stems from an SQL injection in the selectNoticeList method...

PT-2022-23501 · Yimioa · Yimioa

Name of the Vulnerable Software and Affected Versions: Yimioa version 6.1 Description: A SQL injection issue was found in Yimioa via the orderbyGET parameter. This allows for potential manipulation of database queries. Recommendations: For Yimioa version 6.1, consider restricting access to the...