CVE-2025-15446 | Seeyon Zhiyuan OA Web Application System up to 20251223 fixedAssetsList.j%73p unitCode sql injection

A vulnerability was found in Seeyon Zhiyuan OA Web Application System up to 20251223. It has been declared as critical. The impacted element is an unknown function of the file /assetsGroupReport/fixedAssetsList.j%73p. Executing manipulation of the argument unitCode can lead to sql injection.

This vulnerability appears as CVE-2025-15446. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15446 | Seeyon Zhiyuan OA Web Application System up to 20251223 fixedAssetsList.j%73p unitCode sql injection

Post correlati

CVE-2025-22169 | Atlassian Jira Align up to 11.16.0 permission

CVE-2023-41613 | EzViz Studio 2.2.0 uncontrolled search path (ID 175684)

CVE-2024-24131 | SuperWebMailer 9.31.0.01799 api.php cross site scripting

CVE-2024-13441 | jackdewey Bilingual Linker Plugin up to 2.4 on WordPress bl_otherlang_link_1 cross site scripting