CVE-2024-1012
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Jan 31, 2024
Updated: May 17, 2024
CWE ID 89
Summary
CVE-2024-1012 is a critical vulnerability affecting Wanhu ezOFFICE 11.1.0. This issue involves the processing of the file defaultroot/platform/bpm/work_flow/operate/wf_printnum.jsp, where manipulation of the argument recordId can result in sql injection. The vulnerability can be exploited remotely, meaning an attacker can take advantage of it from outside the network. The exploit for this vulnerability has been made public, increasing the risk of attacks. The vulnerability has been assigned the identifier VDB-252281 by the Vulnerability Database.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- WHIR