|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-04-09 | |
| Rule Name: | Landray OA dataxml.jsp Remote Code Execution Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Landray is a digital office service provider located in Shenzhen. Its OA products have remote code execution vulnerabilities. The vulnerability is caused by remote code execution due to the dataxml.jsp page not filtering the script parameter. An attacker can construct elaborate requests to execute malicious code on the server and gain access to the server. This rule has the possibility of false positive, please combine with the specific hit analysis. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |