
RULE (RULE ID: 339617)

Rule General Information
Release Date: 2025-11-12
Rule Name: Weaver E-cology MessageType.do SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: The MessageType.do endpoint in Weaver E-cology OA fails to sanitize the uploadID parameter, allowing unauthenticated attackers to inject arbitrary SQL through escaped or encoded quote sequences. By subverting the backend query logic, adversaries can exfiltrate the entire corporate dataset—employee directories, workflow forms, payroll records, and contract attachments—alter approval states, or plant persistent web shells via database write access. Typically deployed inside trusted networks with high-privilege database roles, successful exploitation enables lateral movement to financial and HR systems, leading to mass data leakage, business-process paralysis, and regulatory non-compliance.
Impact: By successfully exploiting this vulnerability, an attacker can inject arbitrary SQL commands to view or modify the target's database.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to obtain and apply the software patch.