9 matches found
CVE-2025-4260
A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be...
CVE-2025-4260 zhangyanbo2007 youkefu TemplateController.java impsave deserialization
A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be...
CVE-2025-4260 zhangyanbo2007 youkefu TemplateController.java impsave deserialization
A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be...
CVE-2025-3381
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. Th...
CVE-2025-3381
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. Th...
CVE-2025-3381 zhangyanbo2007 youkefu File Upload WebIMController.java path traversal
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. Th...
CVE-2025-3241
The CVE-2025-3241 entry concerns youkefu (zhangyanbo2007) up to version 4.2.0, focusing on the XML Document Handler’s CallCenterRouterController.java. The root cause is manipulation of the routercontent argument triggering an XML External Entity (XXE) reference, enabling remote initiation of an a...
CVE-2025-2997
A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been classified as critical. Affected is an unknown function of the file /res/url. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-2997
CVE-2025-2997 affects youkefu 4.2.0 (zhangyanbo2007). The vulnerability is triggered by manipulation of the url argument in the /res/url function, leading to server-side request forgery. The issue is exploitable remotely and has been disclosed publicly. The connected documents confirm the root ca...