CVE-2025-25589

An XML external entity XXE injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file...

CVE-2025-25582

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList method at /xml/OaNoticeMapper.xml...

CVE-2025-25590

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml...

yimioa 安全漏洞

yimioa CloudNet OA is a locally deployed OA software by rabbit personal developer. A security vulnerability exists in yimioa versions prior to v2024.07.04, which stems from an SQL injection in the selectNoticeList method...

yimioa 安全漏洞

yimioa CloudNet OA is a locally deployed OA software by rabbit individual developers. A security vulnerability exists in versions prior to yimioa v2024.07.04, which stems from improper access control of the WebSecurityConfig component and allows an unauthorized attacker to arbitrarily change the...

PT-2022-23501 · Yimioa · Yimioa

Name of the Vulnerable Software and Affected Versions: Yimioa version 6.1 Description: A SQL injection issue was found in Yimioa via the orderbyGET parameter. This allows for potential manipulation of database queries. Recommendations: For Yimioa version 6.1, consider restricting access to the...