'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

inject_localinc:weaver_sensitive_file_inclusion(Rule ID:1020710015)

Release Date2025/9/15

Rule NameDetectd attempts to include sensitive files of weaver

Severity:high

CVE ID

 

Descripiton

A file include vulnerability is a common security hole where such sites often have user input variables in the include file code that not properly validated. Local file inclusion(LFI) attacks allow attackers to exploit website vulnerabilities, access sensitive files, leak sensitive data, and even execute remote code. This rule supports to defend the A3: Injcetion of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.