关联漏洞
标题:Seeyon Zhiyuan OA 安全漏洞 (CVE-2025-34040)Description:Seeyon Zhiyuan OA(致远OA)是中国致远互联(Seeyon)公司的一个协同管理软件。 Seeyon Zhiyuan OA存在安全漏洞,该漏洞源于wpsAssistServlet接口中realFileType和fileId参数验证不足导致任意文件上传。以下版本受到影响:5.0版本、5.1至5.6sp1版本、6.0至6.1sp2版本、7.0版本、7.0sp1至7.1版本、7.1sp1版本和8.0至8.0sp2版本。
Description
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server.
文件快照
id: CVE-2025-34040
info:
name: Zhiyuan OA Platform - Arbitrary File Upload
author: iamnoooob,pd
...
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。