Arbitrary Download Vulnerability in OA EKP v16 by Landray
CVE-2023-41566

Currently unrated

Key Information:

Vendor: Landray
Status: OA EKP
Vendor: CVE Published:; 17 July 2025

What is CVE-2023-41566?

A security vulnerability has been identified in OA EKP v16, allowing unauthorized access to download sensitive files. Exploitation of this flaw enables attackers to retrieve the password of the background administrator, which can subsequently lead to elevated database permissions. This poses a significant risk to the confidentiality and integrity of the data managed by the affected system.

References

https://github.com/night-0p/anh/blob/main/Landray%20OA/Fi...

https://gist.github.com/night-0p/668fc88385d4f60feb90b7fc...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2025
Vulnerability Reserved
Aug 30, 2023