Seeyon Zhiyuan OA Web Application System Server-Side Request Forgery Vulnerability

Vulnerability

A critical server-side request forgery (SSRF) vulnerability has been identified in Seeyon Zhiyuan OA Web Application System versions through 8.1 SP2. The issue arises in the ThirdMenuController.class file, specifically within the this.oursNetService.getData function. The vulnerability allows remote attackers to manipulate the url argument, potentially leading to unauthorized network requests that could target internal systems or external networks.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can send forged requests from the server to internal or external systems, potentially leading to further exploitation or information disclosure.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Seeyon Zhiyuan OA Web Application System Server-Side Request Forgery Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating