PT-2025-6860 · Ywoa · Ywoa

Rabbit · Published 2025-02-12 · Updated 2025-06-05 · CVE-2025-1224

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
ywoa versions prior to 2024.07.04

Description
A critical vulnerability was found in ywoa, affecting the listNameBySql function of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. This vulnerability leads to SQL injection and can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations
For versions prior to 2024.07.04, upgrade to version 2024.07.04 to address this issue. As a temporary workaround, consider restricting access to the listNameBySql function of the UserMapper.xml file until the update is applied.

Exploit

Fix

Weakness Enumeration
Special Elements Injection, SQL injection

Related Identifiers
CVE-2025-1224

Affected Products
Ywoa