CVE-2024-1012 | Wanhu ezOFFICE 11.1.0 wf_printnum.jsp recordId sql injection

Posted by Angelo Barbosa | Jan 29, 2024 | CVE

A vulnerability, which was classified as critical, has been found in Wanhu ezOFFICE 11.1.0. This issue affects some unknown processing of the file defaultroot/platform/bpm/work_flow/operate/wf_printnum.jsp. The manipulation of the argument recordId leads to sql injection.

The identification of this vulnerability is CVE-2024-1012. The attack may be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-1012 | Wanhu ezOFFICE 11.1.0 wf_printnum.jsp recordId sql injection

Related Posts

CVE-2024-41518 | Feripro up to 2.2.3 XLSX File statistics access control

CVE-2022-30636 | x-crypto prior 0.0.0-20220525230936-793ad666bf5e on Go path traversal

CVE-2023-50732 | XWiki xwiki-platform-index-tree-macro authorization

CVE-2024-5240 | Campcodes Complete Web-Based School Management System 1.0 /view/unread_msg.php my_index sql injection