CVE-2025-15427 | Seeyon Zhiyuan OA Web Application System up to 20251222 carUseDetailList.j%73p CAR_BRAND_NO sql injection
A vulnerability, which was classified as critical, was found in Seeyon Zhiyuan OA Web Application System up to 20251222. This impacts an unknown function of the file /carManager/carUseDetailList.j%73p. The manipulation of the argument CAR_BRAND_NO results in sql injection.
This vulnerability was named CVE-2025-15427. The attack may be performed from remote. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.