GobyVuls/Huatian-OA8000_MyHttpServlet_reportFile_Arbitrary_File_Upload_Vulnerability.md
Goby 4b3ef36221
Create Huatian-OA8000_MyHttpServlet_reportFile_Arbitrary_File_Upload_Vulnerability.md
add Huatian-OA8000 MyHttpServlet reportFile Arbitrary File Upload Vulnerability
2023-07-07 15:31:27 +08:00

Huatian-OA8000 MyHttpServlet reportFile Arbitrary File Upload Vulnerability

| Vulnerability | Huatian-OA8000 MyHttpServlet reportFile Arbitrary File Upload Vulnerability |
| --- | --- |
| Chinese name | 华天动力-OA8000 MyHttpServlet 文件 reportFile 参数文件上传漏洞 |
| CVSS score | 8.6 |
| FOFA Query | `body="/OAapp/WebObjects/OAapp.woa"` |
| Number of assets affected | 2226 |
| Description | Huatian-OA8000 combines advanced management ideas, management models, software technology and network technology to provide users with a low-cost, high-efficiency collaborative office and management platform. There is an arbitrary file upload vulnerability in Huatian Power OA MyHttpServlet. Attackers can upload malicious raq files and execute arbitrary SQL statements in the raq files to obtain sensitive information such as user account passwords. |
| Impact | There is an arbitrary file upload vulnerability in Huatian Power OA MyHttpServlet. Attackers can upload malicious raq files and execute arbitrary SQL statements in the raq files to obtain sensitive information such as user account passwords. |