CVE-2025-1216 | ywoa up to 2024.07.03 OaNoticeMapper.xml selectNoticeList sort sql injection (IBI74K)

Posted by Angelo Barbosa | Feb 11, 2025 | CVE

A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to sql injection.

The identification of this vulnerability is CVE-2025-1216. The attack may be initiated remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2025-1216 | ywoa up to 2024.07.03 OaNoticeMapper.xml selectNoticeList sort sql injection (IBI74K)

Related Posts

CVE-2024-0352 | Likeshop up to 2.5.7.20210311 HTTP POST Request File.php userFormImage file unrestricted upload

CVE-2024-39125 | Roundup up to 2.3.x HTTP Referer Header cross site scripting

CVE-2024-35660 | Jewel Theme Master Addons for Elementor Plugin up to 2.0.5.4.1 on WordPress authorization

CVE-2024-3376 | SourceCodester Computer Laboratory Management System 1.0 config.php url redirect