Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass
Vulnerability Description
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the `enc` parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a session to arbitrary user IDs. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-30 at 00:30:40.855917 UTC.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Seeyon Zhiyuan OA Web Application System 安全漏洞
Vulnerability Description
Seeyon Zhiyuan OA Web Application System是中国致远(Seeyon)公司的一款综合办公自动化平台。 Seeyon Zhiyuan OA Web Application System 7.0 SP1及之前版本存在安全漏洞,该漏洞源于对thirdpartyController.do中参数enc解码和解析不当,可能导致攻击者分配任意用户ID会话。
CVSS Information
N/A
Vulnerability Type
N/A