Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339391）

Rule General Information


Release Date:		2025-08-19

Rule Name:		Weaver OA block_content.php SQL Injection Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Weaver OA is a high-end collaborative office system designed for large enterprises and groups, offering comprehensive functions such as process management, knowledge management, and project management. It supports multiple organizations, departments, and users, helping enterprises achieve efficient collaboration and digital transformation. Weaver OA block_content.php interface is a SQL injection vulnerabilities, Attackers can inject malicious SQL statements by constructing malicious request parameters, leading to database information leakage, data tampering, and even system privilege escalation, which affects the security and integrity of system data.

Impact:		An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.