
10 matches found

RedhatCVE
added 2026/01/07 9:16 a.m. · 13 views

CVE-2025-1226

A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

CVSS 9.8 · AI score 7 · EPSS 0.00769
Exploits: 1 · References: 1
Vulnrichment
added 2025/02/12 9:00 p.m. · 14 views

CVE-2025-1227 ywoa AddressDao.xml selectList sql injection

A vulnerability was found in ywoa up to 2024.07.03. It has been rated as critical. This issue affects the function selectList of the file com/cloudweb/oa/mapper/xml/AddressDao.xml. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the...

CVSS 6.5 · AI score 6.8 · EPSS 0.00484
Exploits: 1 · References: 3
Vulnrichment
added 2025/02/12 8:31 p.m. · 9 views

CVE-2025-1226 ywoa setup.jsp improper authorization

A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

CVSS 6.9 · AI score 5.5 · EPSS 0.00769
Exploits: 1 · References: 3
Cvelist
added 2025/02/12 8:31 p.m. · 24 views

CVE-2025-1226 ywoa setup.jsp improper authorization

A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

CVSS 6.9 · EPSS 0.00769
Exploits: 1 · References: 3
CVE
added 2025/02/12 8:31 p.m. · 56 views

CVE-2025-1226

The CVE-2025-1226 entry concerns ywoa up to version 2024.07.03 with a vulnerability in the /oa/setup/setup.jsp file that enables improper authorization, exploitable remotely. Multiple connected sources confirm the issue and public disclosure; upgrade to 2024.07.04 is the remediation. Impact cente...

CVSS 9.8 · AI score 5.5 · EPSS 0.00769
Exploits: 1 · References: 3 · Affected Software: 1
CVE
added 2025/02/12 7:31 p.m. · 62 views

CVE-2025-1224

CVE-2025-1224 affects the ywoa system (up to 2024.07.03) with an SQL injection in the function listNameBySql of com/cloudweb/oa/mapper/xml/UserMapper.xml. The vulnerability arises from how the SQL is constructed in listNameBySql, allowing remote attackers to manipulate queries. Public disclosures...

CVSS 8.8 · AI score 7.5 · EPSS 0.00388
Exploits: 1 · References: 3 · Affected Software: 1
Vulnrichment
added 2025/02/12 7:00 p.m. · 13 views

CVE-2025-1216 ywoa OaNoticeMapper.xml selectNoticeList sql injection

A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotel...

CVSS 6.5 · AI score 6.9 · EPSS 0.00493
Exploits: 1 · References: 3
CNNVD
added 2025/02/12 12:00 a.m. · 3 views

ywoa code issue vulnerability

ywoa is an OA collaborative office system by bestfeng, an individual developer in China. A code issue vulnerability exists in ywoa version 2024.07.03 and earlier versions, which originates from the extract function of the WXCallBack Interface component's...

CVSS 6.5 · AI score 6.6 · EPSS 0.00352
Exploits: 1 · References: 4
OSV
added 2022/08/19 3:15 p.m. · 4 views

CVE-2022-36606

Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database...

CVSS 9.8 · AI score 5.8 · EPSS 0.00891
Exploits: 1 · References: 1
Positive Technologies
added 2022/08/19 12:00 a.m. · 5 views

PT-2022-23502 · Ywoa · Ywoa

Name of the Vulnerable Software and Affected Versions: Ywoa versions prior to 6.1
Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the "/oa/setup/checkPool?database" API endpoint. The estimated number of potentially affected devices...

CVSS 9.8 · AI score 9.5 · EPSS 0.00891
Exploits: 1 · References: 4