admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-28 17:20:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/ezOFFICE OA OfficeServer.jsp Arbitrarily File Upload Vulnerability.md
Goby 26e7ad85dd
Create ezOFFICE OA OfficeServer.jsp Arbitrarily File Upload Vulnerability.md 
add ezOFFICE OA OfficeServer.jsp Arbitrarily File Upload Vulnerability
2023-04-27 21:58:32 +08:00

1.7 KiB
Raw Blame History

ezOFFICE OA OfficeServer.jsp Arbitrarily File Upload Vulnerability

Vulnerability ezOFFICE OA OfficeServer.jsp Arbitrarily File Upload Vulnerability
Chinese name 万户 OA OfficeServer.jsp 任意文件上传漏洞
CVSS core 9.0
FOFA Query (click to view the results directly) (banner="OASESSIONID" && banner="/defaultroot/") || (header="OASESSIONID" && header="/defaultroot/")||body="/defaultroot/themes/common/common.css"||body="ezofficeDomainAccount"||title="Wanhu ezOFFICE" || title="万户ezOFFICE"
Number of assets affected 4715
Description ezOFFICE OA is a FlexOffice independent security cooperative office platform for government organizations, enterprises and institutions. ezOFFICE OA OfficeServer There is an arbitrary file upload vulnerability in jsp, through which an attacker can upload arbitrary files to control the entire server.
Impact File upload vulnerabilities are usually caused by the lax filtering of files uploaded by the file upload function in the code or the unrepaired parsing vulnerabilities related to the web server. Attackers can upload arbitrary files through the file upload point, including the website backdoor file (webshell), to control the entire website.