Vulnerability Description
File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Related Weaknesses (CWE)
References
- https://avd.aliyun.com/detail?id=AVD-2023-1678930
- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/32024c5dbb7ff60fa7347cccf6ebb3763
- https://github.com/Threekiii/Vulnerability-Wiki/blob/master/docs-base/docs/webap
- https://github.com/luck-ying/Library-POC/blob/master/2023HW/2023.8.15/OfficeWeb3
- https://github.com/xuetang1125/OfficeWeb365/blob/main/OfficeWeb365%20SaveDraw%20
FAQ
What is CVE-2024-48694?
CVE-2024-48694 is a vulnerability with a CVSS score of 9.8 (CRITICAL). File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component.
How severe is CVE-2024-48694?
CVE-2024-48694 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-48694?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.