PT-2026-1198 · Seeyon · Seeyon Zhiyuan Oa Web Application System

Lnone

Publicado

2026-01-04

Atualizado

2026-01-29

CVE-2025-15446

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Seeyon Zhiyuan OA Web Application System versions prior to 20251224

Description A flaw exists in Seeyon Zhiyuan OA Web Application System. Manipulation of the unitCode argument in the file '/assetsGroupReport/fixedAssetsList.j%73p' can lead to SQL injection. The attack can be performed remotely. The vendor was contacted regarding this issue but did not respond.

Recommendations Versions prior to 20251224 should be updated. Avoid using the unitCode argument in the '/assetsGroupReport/fixedAssetsList.j%73p' file until the issue is resolved.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2025-15446

Produtos afetados

Seeyon Zhiyuan Oa Web Application System

PT-2026-1198 · Seeyon · Seeyon Zhiyuan Oa Web Application System

CVE-2025-15446

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11