yimioa
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-36605 | Cri | 0.64 | 9.8 | 0.01 | Aug 19, 2022 | Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter. | ||
| CVE-2025-25586 | 0.00 | — | 0.00 | Mar 18, 2025 | yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. | |||
| CVE-2025-25590 | 0.00 | — | 0.00 | Mar 18, 2025 | yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml. | |||
| CVE-2025-25585 | 0.00 | — | 0.00 | Mar 18, 2025 | Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords. | |||
| CVE-2025-25582 | 0.00 | — | 0.00 | Mar 18, 2025 | yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml. | |||
| CVE-2025-25580 | 0.00 | — | 0.00 | Mar 18, 2025 | yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml. |
- risk 0.64cvss 9.8epss 0.01
Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter.
- CVE-2025-25586Mar 18, 2025risk 0.00cvss —epss 0.00
yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml.
- CVE-2025-25590Mar 18, 2025risk 0.00cvss —epss 0.00
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml.
- CVE-2025-25585Mar 18, 2025risk 0.00cvss —epss 0.00
Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.
- CVE-2025-25582Mar 18, 2025risk 0.00cvss —epss 0.00
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml.
- CVE-2025-25580Mar 18, 2025risk 0.00cvss —epss 0.00
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml.