CVE-2024-1012

Name of the Vulnerable Software and Affected Versions Wanhu ezOFFICE version 11.1.0

Description A critical issue has been found in the processing of the file defaultroot/platform/bpm/work flow/operate/wf printnum.jsp. The manipulation of the recordId argument leads to sql injection. The attack may be initiated remotely.

Recommendations For Wanhu ezOFFICE version 11.1.0, consider restricting access to the vulnerable file wf printnum.jsp to minimize the risk of exploitation. Avoid using the recordId argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.