Yonbip

yonbip

Vendor: Yonyou • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-51925 1Yonyou 1Yonbip Jun 20, 2025 Jan 20, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2023-51924 1Yonyou 1Yonbip Jun 16, 2025 Jan 20, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2023-51906 1Yonyou 1Yonbip Jun 17, 2025 Jan 20, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component.
CVE-2023-51928 1Yonyou 1Yonbip Jun 16, 2025 Jan 20, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2023-51927 1Yonyou 1Yonbip Jun 16, 2025 Jan 20, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method.
CVE-2023-51926 1Yonyou 1Yonbip May 30, 2025 Jan 20, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component.