'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app: seeyon_oa_uauth_file_upload_vul(Rule ID:1070210152)

Release Date2025/9/15

Rule NameCNVD-2021-01627: Seeyon OA Unauthorized File Upload Vulnerability

Severity:critical

CVE ID

 

Descripiton

Seeyon OA is a collaborative management software developed by Beijing Seeyon Internet Software Co., Ltd., which builds a digital collaborative operation platform for medium and large-scale and group organizations.Recently, some security personnel disclosed high-risk vulnerabilities in Seeyon's OA system. Unauthenticated attackers can take advantage of this vulnerability to carefully construct malicious script files and upload the files to the target server using the POST method. After uploading, they can execute code remotely to implement the implantation of the website backdoor and control the target server. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.