CVE-2025-4531 – Seeyon Zhiyuan OA Web Application System Remote Code Injection Vulnerability

May 11, 2025

CVE ID : CVE-2025-4531

Published : May 11, 2025, 6:15 a.m. | 23 minutes ago

Description : A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOTWEB-INFclassescomourswwwehrsalaryservicedataEhrSalaryPayrollServiceImpl.class of the component Beetl Template Handler. The manipulation of the argument payrollId leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4532 – Shanghai Bairui Information Technology SunloginClient DLL Search Path Vulnerability (Uncontrolled Search Path)

Next Article CVE-2025-4530 – Feng Ha Ha Megagao SSM-ERP/Production SSM Path Traversal Vulnerability

Highlights

CVE-2012-10049 – WebPageTest PHP File Upload RCE

August 8, 2025

CVE ID : CVE-2012-10049

Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago

Description : WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-4531 – Seeyon Zhiyuan OA Web Application System Remote Code Injection Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-31234 – Apple VisionOS iOS iPadOS macOS tvOS Kernel Corruption Vulnerability

CVE-2025-20993 – Samsung Camera libsecimaging Camera Buffer Overflow

Graphite spyware used in Apple iOS zero-click attacks on journalists

‘UNC3886 is Attacking Our Critical Infrastructure Right Now’: Singapore’s National Security Lawmaker

CVE-2012-10049 – WebPageTest PHP File Upload RCE

Adobe enhances developer productivity using Amazon Bedrock Knowledge Bases

CVE-2025-34087 – Pi-hole Command Injection Vulnerability

New Linux Botnet Combines Cryptomining and DDoS Attacks

CVE-2025-4531 – Seeyon Zhiyuan OA Web Application System Remote Code Injection Vulnerability

Related Posts