Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp.
References
Link | Resource |
---|---|
https://codeantenna.com/a/DXQfemaZEH | Exploit Third Party Advisory |
https://developpaper.com/lanling-oa-foreground-arbitrary-file-reading-vulnerability-exploitation/ | Exploit Third Party Advisory |
Configurations
History
08 Aug 2022, 14:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:landray:landray_office_automation:-:*:*:*:*:*:*:* | |
CWE | CWE-312 | |
References | (MISC) https://codeantenna.com/a/DXQfemaZEH - Exploit, Third Party Advisory | |
References | (MISC) https://developpaper.com/lanling-oa-foreground-arbitrary-file-reading-vulnerability-exploitation/ - Exploit, Third Party Advisory |
02 Aug 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-02 20:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-34924
Mitre link : CVE-2022-34924
CVE.ORG link : CVE-2022-34924
JSON object : View
Products Affected
landray
- landray_office_automation
CWE
CWE-312
Cleartext Storage of Sensitive Information