
RULE(RULE ID:339867)

Rule General Information
Release Date: 2026-03-30
Rule Name: HuaTian Power OA upload.jsp Arbitrary File Upload Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Huatian Power OA is an office automation system developed by Dalian Huatian Software Co., Ltd. The /OAapp/jsp/upload.jsp interface has an arbitrary file upload vulnerability. Attackers can forge the file name and Content-Type to bypass verification, upload malicious files without authorization, and obtain server permissions.
Impact: Successful exploitation of this vulnerability allows attackers to upload a webshell, execute arbitrary code, steal sensitive data, and take full control of the OA server.
Affected OS: Windows, Linux, Others
Reference: CNVD-2022-54886
Solutions
Upgrade Huatian Power OA to the latest official version, restrict access to the upload.jsp interface, enable strict file type and content verification, and configure the upload directory so that files in it cannot be executed by the web server.