|
|||
Rule General Information |
---|
Release Date: | 2021-03-30 | |
Rule Name: | Weaver e-cology Arbitrary File Upload Vulnerability | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Weaver e-cology is an Office Automation (OA) software developed by Weaver Software, a Chinese company. The software aims to provide an integrated solution for internal office processes within enterprises, enhancing office efficiency and information management.Weaver e-cology has an arbitrary file upload vulnerability, the attacker can through the sysinterface/codeEdit.jsp page to upload any file to the server, and to gain control of the server. | |
Impact: | Attackers can use this vulnerability to cause damages such as arbitrary code execution. | |
Affected OS: | Windows, Linux, Others | |
Reference: | ||
Solutions |
---|
The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.weaver.com.cn/cs/securityDownload.html# |