PT-2026-1046 · Seeyon · Seeyon Zhiyuan Oa

Yuxiu

Publicado

2026-01-02

Atualizado

2026-01-29

CVE-2025-15427

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Seeyon Zhiyuan OA Web Application System versions prior to 20251222

Description A security flaw exists in Seeyon Zhiyuan OA Web Application System. The issue involves a SQL injection impacting an unknown function within the file /carManager/carUseDetailList.j%73p. Manipulation of the CAR BRAND NO argument can lead to SQL injection. The attack can be performed remotely, and the exploit has been publicly released. The vendor was contacted but did not respond.

Recommendations Versions prior to 20251222 should be updated. As a temporary workaround, restrict access to the /carManager/carUseDetailList.j%73p file. Avoid using the CAR BRAND NO parameter until the issue is resolved.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2025-15427

Produtos afetados

Seeyon Zhiyuan Oa

PT-2026-1046 · Seeyon · Seeyon Zhiyuan Oa

CVE-2025-15427

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13