CVE-2024-3227

🗓️ 03 Apr 2024 02:31:04Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 69 Views🌐 WEB

Vulnerability in Panwei eoffice OA 9.

Reporter	Title	Published	Views	Family All 7
CNNVD	eoffice 安全漏洞	3 Apr 202400:00	–	cnnvd
Cvelist	CVE-2024-3227 Panwei eoffice OA Backend save_image.php path traversal	3 Apr 202402:31	–	cvelist
EUVD	EUVD-2024-31819	3 Oct 202520:07	–	euvd
NVD	CVE-2024-3227	3 Apr 202403:15	–	nvd
OSV	CVE-2024-3227	3 Apr 202403:15	–	osv
RedhatCVE	CVE-2024-3227	23 May 202510:07	–	redhatcve
Vulnrichment	CVE-2024-3227 Panwei eoffice OA Backend save_image.php path traversal	3 Apr 202402:31	–	vulnrichment

NVD

Vulners

Node

weaver e-officeRange≤9.5

[
  {
    "vendor": "Panwei",
    "product": "eoffice OA",
    "versions": [
      {
        "version": "9.0",
        "status": "affected"
      },
      {
        "version": "9.1",
        "status": "affected"
      },
      {
        "version": "9.2",
        "status": "affected"
      },
      {
        "version": "9.3",
        "status": "affected"
      },
      {
        "version": "9.4",
        "status": "affected"
      },
      {
        "version": "9.5",
        "status": "affected"
      }
    ],
    "modules": [
      "Backend"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/garboa/cve_3/blob/main/upload.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
image_type	request body	/general/system/interface/theme_set/save_image.php	Path traversal via image_type parameter leading to arbitrary file access	CWE-24

25 Apr 2025 14:23Current

5Medium risk

Vulners AI Score5

CVSS 3.14.7 - 7.2

CVSS 25.8

CVSS 34.7

EPSS0.00151

SSVC

CWE-24