CVE-2025-15447 | Seeyon Zhiyuan OA Web Application System up to 20251223 assetsService.j%73p unitCode sql injection

Inserito da Angelo Barbosa | Gen 4, 2026 | CVE

A vulnerability was found in Seeyon Zhiyuan OA Web Application System up to 20251223. It has been rated as critical. This affects an unknown function of the file /assetsGroupReport/assetsService.j%73p. The manipulation of the argument unitCode leads to sql injection.

This vulnerability is traded as CVE-2025-15447. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15447 | Seeyon Zhiyuan OA Web Application System up to 20251223 assetsService.j%73p unitCode sql injection

Post correlati

CVE-2024-31992 | Mealie up to 1.3.x safe_scrape_html resource consumption (GHSL-2023-225)

CVE-2025-8665 | agno-agi agno up to 1.7.5 Model Context Protocol mcp.py MCPTools/MultiMCPTools command os command injection

CVE-2025-9939 | CodeAstro Real Estate Management System 1.0 /propertyview.php msg cross site scripting

CVE-2026-0701 | code-projects Intern Membership Management System 1.0 add_admin.php Username sql injection