CVE-2025-3562
- EPSS 0.05%
- Published 14.04.2025 10:31:06
- Last modified 15.04.2025 18:39:27
A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. T...
CVE-2023-51906
- EPSS 2.87%
- Published 20.01.2024 02:15:07
- Last modified 17.06.2025 14:15:28
An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component.
CVE-2023-51924
- EPSS 0.54%
- Published 20.01.2024 02:15:07
- Last modified 16.06.2025 19:15:27
An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2023-51925
- EPSS 0.28%
- Published 20.01.2024 02:15:07
- Last modified 20.06.2025 19:15:26
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2023-51928
- EPSS 0.54%
- Published 20.01.2024 01:15:08
- Last modified 16.06.2025 19:15:28
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2023-51926
- EPSS 0.25%
- Published 20.01.2024 01:15:07
- Last modified 30.05.2025 15:15:26
YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component.
CVE-2023-51927
- EPSS 0.13%
- Published 20.01.2024 01:15:07
- Last modified 16.06.2025 19:15:28
YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method.