Submit #574440: Seeyon Zhiyuan OA Web Application System V8.1 SP2 Server-Side Request Forgery Vulnerability

Title: Seeyon Zhiyuan OA Web Application System V8.1 SP2 Server-Side Request Forgery Vulnerability
Description:
1. Vulnerability name: Server-Side Request Forgery (SSRF) Vulnerability of Seeyon Zhiyuan Web OA Application System
2. Vulnerability Contributor and Submitter: caichaoxiong
3. Vulnerability Level: Medium
4. Vulnerability Description: Due to security defects, Zhiyuan Web OA application system has an SSRF (Server-Side Request Forgery) vulnerability. Attackers can exploit the application defects on the Zhiyuan server side to initiate forged network requests and attack the internal network, internal enterprise servers or other systems in the external network.
5. Version affected by the vulnerability: Zhiyuan Web OA system product version number: V8.1 SP2.
6. Vulnerability Fix:
   (1) Input validation: Strictly validate all user input to ensure that the entered URL or target address conforms to the expected format.
   (2) Whitelist strategy: Only allow applications to initiate requests to predefined whitelist addresses and prohibit access to other addresses.
   (3) Restrict network access: Limit network access permissions for server-side applications to ensure that they can only access necessary services.
   (4) Use secure libraries: Use security-verified libraries and frameworks, and avoid using insecure network request functions.
   (5) Monitoring and alarm: Monitor the server-side network requests in real time, set up an alarm mechanism, and detect abnormal requests in time.
Source: ⚠️ https://wx.mail.qq.com/s?k=i0-p-2N4MHcFOeM00E
User: caichaoxiong (UID 84060)
Submission: 09/05/2025 09:42 (12 months ago)
Moderation: 23/05/2025 21:02 (14 days later)
Status: Accepted
VulDB entry: 310221 [Seeyon Zhiyuan OA Web Application System up to 8.1 SP2 ThirdMenuController.class this.oursNetService.getData url privilege escalation]
Points: 17
