CVE-2023-32548 Information

Description

OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data an arbitrary OS command may be executed on the system where the product is installed.

Reference

https://jvn.jp/en/jp/JVN36060509/ https://support.kingsoft.jp/about/20230605.html