10 matches found

CVE | added 2025/02/12 9:15 p.m. | 59 views

CVE-2025-1227

A vulnerability was found in ywoa up to 2024.07.03. It has been rated as critical. This issue affects the function selectList of the file com/cloudweb/oa/mapper/xml/AddressDao.xml. The manipulation leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the p...

CVSS 8.8 | AI score 6.8 | EPSS 0.00038

CVE | added 2025/02/12 7:15 p.m. | 57 views

CVE-2025-1216

A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to SQL injection. The attack may be initiated remotely....

CVSS 8.8 | AI score 6.8 | EPSS 0.00034

CVE | added 2025/02/12 8:15 p.m. | 47 views

CVE-2025-1224

A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to th...

CVSS 8.8 | AI score 7.5 | EPSS 0.00038

CVE | added 2025/02/12 8:15 p.m. | 45 views

CVE-2025-1225

A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to XML external entity reference...

CVSS 6.5 | AI score 6.5 | EPSS 0.00062

CVE | added 2025/02/12 9:15 p.m. | 43 views

CVE-2025-1226

A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

CVSS 9.8 | AI score 5.5 | EPSS 0.0005

CVE | added 2025/03/18 4:15 p.m. | 40 views

CVE-2025-25586

yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml.

CVSS 4.2 | AI score 6.7 | EPSS 0.00018

CVE | added 2025/03/18 3:16 p.m. | 39 views

CVE-2025-25585

Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.

CVSS 7.3 | AI score 6.5 | EPSS 0.00021

CVE | added 2025/03/18 4:15 p.m. | 36 views

CVE-2025-25582

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml.

CVSS 6.1 | AI score 7.9 | EPSS 0.00024

CVE | added 2025/03/18 3:16 p.m. | 34 views

CVE-2025-25590

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml.

CVSS 6.1 | AI score 7.9 | EPSS 0.00024

CVE | added 2025/03/18 3:16 p.m. | 32 views

CVE-2025-25580

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml.

CVSS 6.1 | AI score 7.9 | EPSS 0.00024