PT-2026-1199 · Seeyon · Seeyon Zhiyuan Oa
Zhx123
·
Publicado
2026-01-04
·
Atualizado
2026-01-29
·
CVE-2025-15447
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Seeyon Zhiyuan OA Web Application System versions prior to 20251224
Description
A flaw exists in Seeyon Zhiyuan OA Web Application System. The issue involves the manipulation of the
unitCode argument within an unknown function of the file '/assetsGroupReport/assetsService.jsp', leading to a SQL injection. This allows for remote attacks. The details of the exploit have been publicly disclosed, and the vendor was informed but did not respond.Recommendations
Update to a version later than 20251223.
Exploit
Correção
SQL injection
Special Elements Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Seeyon Zhiyuan Oa