Create Huatian-OA8000_MyHttpServlet_reportFile_Arbitrary_File_Upload_Vulnerability.md

add Huatian-OA8000 MyHttpServlet reportFile Arbitrary File Upload Vulnerability
2025-06-20 01:40:20 +00:00 · 2023-07-07 15:31:27 +08:00 · 2023-07-07 15:31:27 +08:00 · 4b3ef36221
commit 4b3ef36221
parent 509910ff73
1 changed files with 12 additions and 0 deletions
--- a/Huatian-OA8000_MyHttpServlet_reportFile_Arbitrary_File_Upload_Vulnerability.md
+++ b/Huatian-OA8000_MyHttpServlet_reportFile_Arbitrary_File_Upload_Vulnerability.md
@ -0,0 +1,12 @@
+## Huatian-OA8000 MyHttpServlet reportFile Arbitrary File Upload Vulnerability
+
+|   **Vulnerability**  | **Huatian-OA8000 MyHttpServlet reportFile Arbitrary File Upload Vulnerability**  |
+| :----:   | :-----|
+| **Chinese name**  | 华天动力-OA8000 MyHttpServlet 文件 reportFile 参数文件上传漏洞 |
+| **CVSS core**  | 8.6 |
+| **FOFA Query**  (click to view the results directly)| [body="/OAapp/WebObjects/OAapp.woa"](https://en.fofa.info/result?qbase64=Ym9keT0iL09BYXBwL1dlYk9iamVjdHMvT0FhcHAud29hIg%3D%3D) |
+| **Number of assets affected**  | 2226 |
+| **Description**  | Huatian-OA8000 is a combination of advanced management ideas, management models, software technology and network technology, providing users with a low-cost, high-efficiency collaborative office and management platform.There is an arbitrary file upload vulnerability in Huatian Power OA MyHttpServlet. Attackers can upload malicious raq files and execute arbitrary sql statements in the raq files to obtain sensitive information such as user account passwords. |
+| **Impact** | 	There is an arbitrary file upload vulnerability in Huatian Power OA MyHttpServlet. Attackers can upload malicious raq files and execute arbitrary sql statements in the raq files to obtain sensitive information such as user account passwords. |
+
+![](https://s3.bmp.ovh/imgs/2023/07/07/ee0dff7305687815.gif)