Описание
OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions.
EPSS
Процентиль: 11%
0.00038
Низкий
8.1 High
CVSS3
Дефекты
CWE-552
Связанные уязвимости
CVSS3: 8.1
github
7 месяцев назад
OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions.
EPSS
Процентиль: 11%
0.00038
Низкий
8.1 High
CVSS3
Дефекты
CWE-552