A critical security vulnerability in Microsoft 365’s PDF export functionality has been discovered and subsequently patched, highlighting significant risks to sensitive enterprise data.
The vulnerability, which earned its discoverer a $3,000 bounty from Microsoft’s Security Response Center (MSRC), exposed a Local File Inclusion (LFI) attack vector that could potentially compromise confidential system information across multi-tenant environments.
https://gbhackers.com/microsoft-365-pdf ... le-to-lfi/