R1bbit Yimioa
10 CVEs affecting R1bbit Yimioa. Latest disclosed: 2025-03-18. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-25585 | High | 7.3 | 2025-03-18 | Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Admin… |
CVE-2025-1227 | Medium | 6.3 | 2025-02-12 | A vulnerability was found in ywoa up to 2024.07.03. It has been rated as critical. This issue affects the function selectList of the file com/cloudweb/oa/mappe… |
CVE-2025-1225 | Medium | 6.3 | 2025-02-12 | A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/m… |
CVE-2025-1224 | Medium | 6.3 | 2025-02-12 | A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/ma… |
CVE-2025-1216 | Medium | 6.3 | 2025-02-12 | A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cl… |
CVE-2025-25582 | Medium | 6.1 | 2025-03-18 | yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml. |
CVE-2025-25590 | Medium | 6.1 | 2025-03-18 | yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml. |
CVE-2025-25580 | Medium | 6.1 | 2025-03-18 | yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml. |
CVE-2025-1226 | Medium | 5.3 | 2025-02-12 | A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp… |
CVE-2025-25586 | Medium | 4.2 | 2025-03-18 | yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. |