RULE(RULE ID:338276)

Rule General Information
Release Date: 2024-07-30
Rule Name: Weaver E-cology DocService SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Weaver E-cology is an enterprise-level collaborative office platform that supports information sharing, communication, collaboration and knowledge management by integrating various office applications and workflows to improve work efficiency and organizational management. The DocService interface of Weaver E-cology contains a SQL injection vulnerability. An attacker can use a low-privileged user account to obtain a valid session and use that session to inject malicious SQL statements, which may result in remote code execution. Affected versions: E-cology8 earlier than v10.66, E-cology9 earlier than v10.66.
Impact: By successfully exploiting the vulnerability, an attacker can inject arbitrary SQL commands to view or change the target's database.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain and apply the software patch.