A vulnerability was found in ywoa up to 2024.07.03. It has been rated as critical. This issue affects the function selectList of the file com/cloudweb/oa/mapper/xml/AddressDao.xml. The manipulation leads to sql injection.
The identification of this vulnerability is CVE-2025-1227. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization.
This vulnerability was named CVE-2025-1226. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
Threat actors have observed the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025.
NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download