CVE-2026-7291 o2oa URL Fetching FileAction.java FileAction server-side request forgery

A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

CVE-2026-7291

Technical details (affected products, versions, root cause, impact, and remediation) are not publicly available in the provided documents; monitor for updates.

O2OA 代码问题漏洞

O2OA is an open-source enterprise application development platform developed by O2OA. Versions of O2OA 10.0 and earlier contained code vulnerabilities. These vulnerabilities were caused by an operation in the FileAction function during component URL fetching, which led to server-side request...

CVE-2025-1791

A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects the function fileAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument savedata leads to unrestricted upload. The attack can be initiated...

PT-2025-9178 · Unknown · Zorlan Skycaiji

Name of the Vulnerable Software and Affected Versions: Zorlan SkyCaiji version 2.9 Description: A critical vulnerability has been found in Zorlan SkyCaiji, affecting the fileAction function of the vendor/skycaiji/app/admin/controller/Tool.php file. The manipulation of the save data argument leads...

Unrestricted file upload

File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileActionupload...