Zhx123

**Name of the Vulnerable Software and Affected Versions** Seeyon Zhiyuan OA Web Application System versions prior to 20251224 **Description** A flaw exists in Seeyon Zhiyuan OA Web Application System. The issue involves the manipulation of the `unitCode` argument within an unknown function of the file '/assetsGroupReport/assetsService.jsp', leading to a SQL injection. This allows for remote attacks. The details of the exploit have been publicly disclosed, and the vendor was informed but did not respond. **Recommendations** Update to a version later than 20251223.

**Name of the Vulnerable Software and Affected Versions** Yonyou KSOA version 9.0 **Description** A SQL injection issue exists in Yonyou KSOA 9.0 due to manipulation of the `Report` argument within the file `/worksheet/work edit.jsp`. This allows for remote attacks. The exploit details have been publicly disclosed. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.