Description: | | Weaver provides mobile office, WeChat office, collaborative office (OA), process management, information portal, knowledge management, cost control management and other functions. It is suitable for mobile phones and PC terminals and is one of the mainstream OA systems today. There is an arbitrary file reading vulnerability on the Pan>Wei e-Bridge platform. The attacker can obtain the filepath through the /wxjsapi/saveYZJFile interface, and return the absolute path of the program in the data packet. The attacker can identify the program running path by returning the content Path to download the database configuration file. |