CVE-2025-1224 | ywoa up to 2024.07.03 UserMapper.xml listNameBySql sql injection (IBI731)

Inserito da Angelo Barbosa | Feb 11, 2025 | CVE

A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection.

This vulnerability was named CVE-2025-1224. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-1224 | ywoa up to 2024.07.03 UserMapper.xml listNameBySql sql injection (IBI731)

Post correlati

CVE-2024-20472 | Cisco Secure Firewall Management Center Software sql injection (cisco-sa-fmc-sql-inj-LOYAFcfq)

CVE-2024-30553 | Joby Joseph WP Twitter Mega Fan Box Widget Plugin up to 1.0 on WordPress cross site scripting

CVE-2024-1572 | WP ULike Plugin up to 4.6.9 on WordPress Shortcode cross site scripting

CVE-2024-10966 | TOTOLINK X18 9.1.0cu.2024_B20220329 /cgi-bin/cstecgi.cgi enable os command injection