RULE(RULE ID:337983)

Rule General Information
Release Date: 2024-05-06
Rule Name: DzzOffice index.php Remote Command Execution Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: DzzOffice is a platform of IBM Corporation that provides an online collaborative office suite. DzzOffice has a remote code execution vulnerability. During the DzzOffice installation process, the generated authorkey and the Cookie prefix are both produced by the random function, and all of the random numbers from that function are generated from the same seed. Therefore, an attacker can generate all authorkeys in core/api/wopi/index.php to create a controlled path to any file.
Impact: An attacker can execute arbitrary commands via a successful exploit in the context of the vulnerable software.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor for a patch and update the software.