## RSeeyou-OA wpsAssistServlet templateUrl Arbitrary File Read Vulnerability

|   **Vulnerability**  | **Seeyou-OA wpsAssistServlet templateUrl Arbitrary File Read Vulnerability**  |
| :----:   | :-----|
| **Chinese name**  | 致远互联-OA wpsAssistServlet 文件 templateUrl 参数任意文件读取漏洞 |
| **CVSS core**  | 7.5 |
| **FOFA Query**  (click to view the results directly)| [body="/seeyon/USER-DATA/IMAGES/LOGIN/login.gif" \|\| title="用友致远A" \|\| (body="/yyoa/" && body!="本站内容均采集于") \|\| header="path=/yyoa" \|\| server=="SY8044" \|\| (body="A6-V5企业版" && body="seeyon" && body="seeyonProductId") \|\| (body="/seeyon/common/" && body="var _ctxpath = '/seeyon'") \|\| (body="A8-V5企业版" && body="/seeyon/") \|\| banner="Server: SY8044"](https://en.fofa.info/result?qbase64=Ym9keT0iL3NlZXlvbi9VU0VSLURBVEEvSU1BR0VTL0xPR0lOL2xvZ2luLmdpZiIgfHwgdGl0bGU9IueUqOWPi%2BiHtOi%2FnEEiIHx8IChib2R5PSIveXlvYS8iICYmIGJvZHkhPSLmnKznq5nlhoXlrrnlnYfph4fpm4bkuo4iKSB8fCBoZWFkZXI9InBhdGg9L3l5b2EiIHx8IHNlcnZlcj09IlNZODA0NCIgfHwgKGJvZHk9IkE2LVY15LyB5Lia54mIIiAmJiBib2R5PSJzZWV5b24iICYmIGJvZHk9InNlZXlvblByb2R1Y3RJZCIpIHx8IChib2R5PSIvc2VleW9uL2NvbW1vbi8iICYmIGJvZHk9InZhciBfY3R4cGF0aCA9ICcvc2VleW9uJyIpIHx8IChib2R5PSJBOC1WNeS8geS4mueJiCIgJiYgYm9keT0iL3NlZXlvbi8iKSB8fCBiYW5uZXI9IlNlcnZlcjogU1k4MDQ0Ig%3D%3D) |
| **Number of assets affected**  | 	53406 |
| **Description**  | Seeyou-OA is a collaborative office software that digitally builds the digital collaborative operation platform of enterprises and provides one-stop big data analysis solutions for various business scenarios of enterprises.Seeyou-OA wpsAssistServlet has arbitrary file reading vulnerabilities, and attackers can read sensitive information such as system passwords to further control the system. |
| **Impact** | 	Seeyou-OA wpsAssistServlet has arbitrary file reading vulnerabilities, and attackers can read sensitive information such as system passwords to further control the system. |

![](https://s3.bmp.ovh/imgs/2023/07/14/033b7613462dfe6a.gif)