Critical Vulnerability in Feng Office Allowing Remote SQL Injection

CVE-2024-6039

8.8HIGH

Key Information

Vendor: Feng Office
Status: Feng Office
Vendor: CVE Published:; 16 June 2024

Summary

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752.

Affected Version(s)

Feng Office = 3.11.1.2

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 6.3 - (MEDIUM)
Jun 16, 2024
VulDB entry last update
Jun 16, 2024
Vulnerability Reserved.
Jun 16, 2024
VulDB entry created
Jun 16, 2024
Advisory disclosed
Jun 16, 2024
Vulnerability published.
Jun 16, 2024

Collectors

NVD DatabaseMitre Database