CVE-2025-1227

Name of the Vulnerable Software and Affected Versions: ywoa versions up to 2024.07.03

Description: A critical issue affects the function selectList of the file com/cloudweb/oa/mapper/xml/AddressDao.xml, leading to SQL injection. The attack may be initiated remotely.

Recommendations: Upgrading to version 2024.07.04 is able to address this issue. It is recommended to upgrade the affected component. As a temporary workaround, consider disabling the selectList function until a patch is available.