CNNVD-202506-3028 Information
CNNVD ID
CNNVD-202506-3028
Related CVE
- CNNVD Published: 2025-06-24
Description (Chinese)
Seeyon Zhiyuan OA(致远OA)是中国致远互联(Seeyon)公司的一个协同管理软件。 Seeyon Zhiyuan OA存在安全漏洞,该漏洞源于wpsAssistServlet接口中realFileType和fileId参数验证不足导致任意文件上传。以下版本受到影响:5.0版本、5.1至5.6sp1版本、6.0至6.1sp2版本、7.0版本、7.0sp1至7.1版本、7.1sp1版本和8.0至8.0sp2版本。
Description (English)
Seeyon Zhiyuan OA is a co-management software for Seayon. There is a security loophole in Seeyon Zhiyuan OA, which stems from the lack of validation of the RealFileType and fileId parameters in the WpsAsistServlet interface, resulting in any uploading of documents. The following versions were affected: 5.0, 5.1 to 5.6sp1, 6.0 to 6.1 Sp2, 7.0, 7.0 to 7.1, 7.1 and 8.0 to 8.0 Sp2.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
致远互联
Published
2025-06-24
Last Modified
2026-02-24
References
https://www.cnblogs.com/pursue-security/p/17677130.html https://vulncheck.com/advisories/zhiyuan-oa-system-path-traversal-file-upload https://service.seeyon.com/patchtools/tp.html#/patchList?type=%E5%AE%89%E5%85%A8%E8%A1%A5%E4%B8%81&id=1 https://www.cnvd.org.cn/flaw/show/CNVD-2021-01627 https://access.redhat.com/security/cve/cve-2025-34040