Arbitrary file upload in Seeyon Internet Software A8+ Collaborative Management
CVE-2019-25714
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST reque…
Vulnerability class: Unrestricted File Upload
EPSS: 0.009 (75.3rd percentile)
Affected products
- Seeyon Internet Software A8+ Collaborative Management — versions 7.0, 7.0sp1, 7.0sp2
- Seeyon Internet Software A8-v5 Collaborative Management — versions 6.1sp1
Weakness classification (CWE)
References
- sourceforge.net/software/product/A8/ (product)
- web.archive.org/web/20190821034711/http://wyb0.com/posts/2019/seeyon-htmloffice… (exploit)
- wiki.96.mk/Web安全/致远oa/致远 OA A8 htmlofficeservlet getshell 漏洞/ (exploit)
- static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/download/pdf/90916/Security_Noti… (third-party-advisory, mitigation)
- www.broadcom.com/support/security-center/attacksignatures/detail (third-party-advisory)
- www.fortiguard.com/encyclopedia/ips/48874/seeyon-office-anywhere-htmlofficeserv… (third-party-advisory)
- www.vulncheck.com/advisories/seeyon-office-anywhere-oa-a8-unauthenticated-arbit… (third-party-advisory)