CNNVD-202507-2311 Information

CNNVD ID

CNNVD-202507-2311

Related CVE

CVE-2023-41566

• CNNVD Published: 2025-07-17

Description (Chinese)

Landray OA EKP（蓝凌EKP）是中国蓝凌（Landray）公司的一款办公协同软件。 Landray OA EKP v16版本存在安全漏洞，该漏洞源于/ui/sys_ui_extend/sysUiExtend.do组件存在任意下载漏洞，可能导致获取后台管理员密码和数据库权限。

Description (English)

Landray OA EKP (BlueLing EKP) is an office-cooperative software for Landray China. The Landray OA EKP v16 version contains a security loophole, which stems from the random download loophole of the /ui/sys ui extend/sysUiExtend.do component, which may lead to access to back-office administrator passwords and database privileges.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

蓝凌

Published

2025-07-17

Last Modified

2026-02-24

References

https://gist.github.com/night-0p/668fc88385d4f60feb90b7fcef8443b1 https://github.com/night-0p/anh/blob/main/Landray%20OA/FileDownload.md