ywoa
Products
1- 7 CVEs
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-36606 | Cri | 0.64 | 9.8 | 0.01 | Aug 19, 2022 | Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. | ||
| CVE-2022-38808 | Hig | 0.57 | 8.8 | 0.01 | Sep 16, 2022 | ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface. | ||
| CVE-2025-1227 | 0.00 | — | 0.00 | Feb 12, 2025 | A vulnerability was found in ywoa up to 2024.07.03. It has been rated as critical. This issue affects the function selectList of the file com/cloudweb/oa/mapper/xml/AddressDao.xml. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has… | |||
| CVE-2025-1226 | 0.00 | — | 0.01 | Feb 12, 2025 | A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed… | |||
| CVE-2025-1225 | 0.00 | — | 0.00 | Feb 12, 2025 | A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml… | |||
| CVE-2025-1224 | 0.00 | — | 0.00 | Feb 12, 2025 | A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has… | |||
| CVE-2025-1216 | 0.00 | — | 0.00 | Feb 12, 2025 | A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to sql injection. The attack may be… |
- risk 0.64cvss 9.8epss 0.01
Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database.
- risk 0.57cvss 8.8epss 0.01
ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.
- CVE-2025-1227Feb 12, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in ywoa up to 2024.07.03. It has been rated as critical. This issue affects the function selectList of the file com/cloudweb/oa/mapper/xml/AddressDao.xml. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has…
- CVE-2025-1226Feb 12, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed…
- CVE-2025-1225Feb 12, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml…
- CVE-2025-1224Feb 12, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has…
- CVE-2025-1216Feb 12, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to sql injection. The attack may be…