6 matches found
Zhiyuan OA - arbitrary file upload leading
Exploit Title: Zhiyuan OA - arbitrary file upload leading Google Dork / FOFA: app="致远互联-OA" && title="V8.0SP2" Date: 1-11-2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://service.seeyon.com/ Software Link: vendor download / product page if available Version: 5.0, 5.1–5.6sp1,...
Exploit for CVE-2025-34040
CVE-2025-34040:OA’s file upload feature may lead to RCE vulner...
CVE-2025-34040
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directorie...
CVE-2025-34040
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directorie...
CVE-2025-34040 Seeyon Zhiyuan OA System Path Traversal File Upload
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directorie...
CVE-2025-34040
CVE-2025-34040 affects Zhiyuan OA platform via the wpsAssistServlet interface. The vulnerability arises from improper validation of the realFileType and fileId parameters during multipart uploads, enabling path traversal to upload crafted JSP files outside of allowed directories. This unauthentic...