CVE-2024-3227 | Panwei eoffice OA up to 9.5 Backend save_image.php image_type path traversal

Posted by Angelo Barbosa | Apr 2, 2024 | CVE

A vulnerability was found in Panwei eoffice OA up to 9.5. It has been declared as critical. This vulnerability affects unknown code of the file /general/system/interface/theme_set/save_image.php of the component Backend. The manipulation of the argument image_type leads to path traversal: ‘../filedir’.

This vulnerability was named CVE-2024-3227. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-3227 | Panwei eoffice OA up to 9.5 Backend save_image.php image_type path traversal

Related Posts

CVE-2024-3595 | Pure Chat Plugin up to 2.22 on WordPress cross site scripting

CVE-2024-5860 | Tickera Plugin up to 3.5.2.8 on WordPress Ticket authorization

CVE-2024-33022 | Qualcomm Snapdragon Auto up to X75 5G Modem-RF System HGSL Driver integer overflow

CVE-2024-31069 | IOSiX IO-1020 Micro ELD prior 360 Web Server default credentials (icsa-24-093-01)