CNNVD-202511-2004 Information

CNNVD ID

CNNVD-202511-2004

Related CVE

CVE-2025-63695

• CNNVD Published: 2025-11-18

Description (Chinese)

DzzOffice是大桌子（DzzOffice）公司的一个可提供在线协同办公套件功能的平台。提供在线文档、表格、网盘、演示等功能。 DzzOffice v2.3.7及之前版本存在安全漏洞，该漏洞源于/dzz/system/ueditor/php/controller.php容易受到任意文件上传攻击。

Description (English)

DzzOffice is a platform for the DzzOffice company to provide online teamwork. Provides online documentation, tables, webpads, presentations, etc. DzzOffice v2.3.7 and previous versions contained a security loophole, which originated in/dzz/system/eductor/php/controller.php was vulnerable to any document upload.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

大桌子

Published

2025-11-18

Last Modified

2026-02-24

References

https://github.com/Yohane-Mashiro/dzzoffice_upload https://github.com/zyx0814/dzzoffice/issues/365 https://access.redhat.com/security/cve/cve-2025-63695

Patch

https://github.com/zyx0814/dzzoffice/releases