yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml.
CVSS Score
4.2
EPSS Score
0.0
Published
2025-03-18
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-03-18
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-03-18
Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-03-18
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-03-18