CVE-2025-1216

Name of the Vulnerable Software and Affected Versions ywoa versions up to 2024.07.03

Description A critical issue has been found that affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For versions up to 2024.07.03, upgrade to version 2024.07.04 to address this issue. As a temporary workaround, consider restricting access to the selectNoticeList function until the update is applied. Avoid using the sort argument in the affected function until the issue is resolved.