Lnone

**Name of the Vulnerable Software and Affected Versions** Seeyon Zhiyuan OA Web Application System versions prior to 20251224 **Description** A flaw exists in Seeyon Zhiyuan OA Web Application System. Manipulation of the `unitCode` argument in the file '/assetsGroupReport/fixedAssetsList.j%73p' can lead to SQL injection. The attack can be performed remotely. The vendor was contacted regarding this issue but did not respond. **Recommendations** Versions prior to 20251224 should be updated. Avoid using the `unitCode` argument in the '/assetsGroupReport/fixedAssetsList.j%73p' file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Yonyou KSOA version 9.0 **Description** A flaw exists in Yonyou KSOA 9.0 related to the file '/worksheet/work update.jsp'. Manipulation of the `Report` argument in this file can lead to SQL injection. The attack can be initiated remotely. An exploit for this issue has been published. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.