ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.

Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database.

Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter.