📦 Yimioa

This vulnerability allows unauthorized attackers to modify administrator passwords in yimioa software due to improper access control in the WebSecurityConfig component. Any system running affected ver...

This vulnerability allows unauthenticated attackers to access sensitive configuration information in yimioa software versions before v2024.07.04. The /resources/application.yml file contains potential...

This SQL injection vulnerability in yimioa allows attackers to execute arbitrary SQL commands through the listNameBySql() method in the UserMapper.xml file. Attackers could potentially read, modify, o...

This SQL injection vulnerability in yimioa allows attackers to execute arbitrary SQL commands through the AddressDao.xml component. It affects all yimioa installations before version 2024.07.04, poten...

This critical vulnerability in ywoa allows remote attackers to bypass authorization controls via the /oa/setup/setup.jsp file. It affects all ywoa installations up to version 2024.07.03, potentially e...

This XXE vulnerability in ywoa's WXCallBack Interface allows attackers to read arbitrary files from the server by exploiting XML parsing. It affects all systems running ywoa up to version 2024.07.03. ...

This critical SQL injection vulnerability in ywoa allows remote attackers to execute arbitrary SQL commands through manipulation of the 'sort' parameter in the selectNoticeList function. It affects al...