PT-2026-1198 · Seeyon · Seeyon Zhiyuan Oa Web Application System
Lnone
·
Published
2026-01-04
·
Updated
2026-01-29
·
CVE-2025-15446
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Seeyon Zhiyuan OA Web Application System versions prior to 20251224
Description
A flaw exists in Seeyon Zhiyuan OA Web Application System. Manipulation of the
unitCode argument in the file '/assetsGroupReport/fixedAssetsList.j%73p' can lead to SQL injection. The attack can be performed remotely. The vendor was contacted regarding this issue but did not respond.Recommendations
Versions prior to 20251224 should be updated. Avoid using the
unitCode argument in the '/assetsGroupReport/fixedAssetsList.j%73p' file until the issue is resolved.Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Seeyon Zhiyuan Oa Web Application System