Print1n

1 exploit Active since Oct 2025
CVE-2021-4461 WRITEUP CRITICAL SCANNER
Seeyon Zhiyuan OA Web App <7.0 SP1 - Info Disclosure
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the `enc` parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a session to arbitrary user IDs. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-30 at 00:30:40.855917 UTC.