Filtered by vendor R1bbit
Subscribe
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25580 | 1 R1bbit | 1 Yimioa | 2025-06-19 | N/A | 6.1 MEDIUM |
| yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml. | |||||
| CVE-2025-25590 | 1 R1bbit | 1 Yimioa | 2025-06-19 | N/A | 6.1 MEDIUM |
| yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml. | |||||
| CVE-2025-25585 | 1 R1bbit | 1 Yimioa | 2025-06-19 | N/A | 7.3 HIGH |
| Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords. | |||||
| CVE-2025-25582 | 1 R1bbit | 1 Yimioa | 2025-04-02 | N/A | 6.1 MEDIUM |
| yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml. | |||||
| CVE-2025-25586 | 1 R1bbit | 1 Yimioa | 2025-04-01 | N/A | 4.2 MEDIUM |
| yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. | |||||