CVE-2024-6039

Name of the Vulnerable Software and Affected Versions: Feng Office version 3.11.1.2

Description: A critical issue was found in the Workspaces component, where the manipulation of the dim argument leads to SQL injection. This can be exploited remotely.

Recommendations: For Feng Office version 3.11.1.2, as a temporary workaround, consider restricting access to the Workspaces component until a patch is available. Avoid using the dim argument in affected functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.