📄 Zhiyuan OA Traversal / File Upload

Path traversal and improper validation in the multipart file upload handling of Zhiyuan OA's wpsAssistServlet allows an attacker to place crafted files outside the intended directories by controlling the realFileType and fileId parameters. Exploit Title: Zhiyuan OA - arbitrary file upload leading...