O2Oa · O2Oa · CVE-2024-35591
**Name of the Vulnerable Software and Affected Versions**
O2OA version 8.3.8
**Description**
The issue allows attackers to execute arbitrary code by uploading a crafted PDF file, exploiting an arbitrary file upload vulnerability.
**Recommendations**
For O2OA version 8.3.8, consider restricting file uploads to prevent exploitation until a patch is available. As a temporary workaround, limit the types of files that can be uploaded to minimize the risk.