Описание
OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.
Ссылки
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:kingsoft:wps_office:10.8.0.6186:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00893
Низкий
8.1 High
CVSS3
Дефекты
CWE-78
CWE-78
Связанные уязвимости
CVSS3: 8.1
github
больше 2 лет назад
OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is installed.
EPSS
Процентиль: 75%
0.00893
Низкий
8.1 High
CVSS3
Дефекты
CWE-78
CWE-78