|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-03-30 | |
| Rule Name: | Weaver e-cology Arbitrary File Upload Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Weaver e-cology is an Office Automation (OA) software developed by Weaver Software, a Chinese company. The software aims to provide an integrated solution for internal office processes within enterprises, enhancing office efficiency and information management.Weaver e-cology has an arbitrary file upload vulnerability, the attacker can through the sysinterface/codeEdit.jsp page to upload any file to the server, and to gain control of the server. | |
| Impact: | Attackers can use this vulnerability to cause damages such as arbitrary code execution. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.weaver.com.cn/cs/securityDownload.html# |