'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app: weaver_e-cology_oa_sql_injection(Rule ID:1070210110)

Release Date2025/9/15

Rule NameCNNVD-201910-647: Weaver e-cologyOA SQL Injection Vulnerability

Severity:critical

CVE ID

 

Descripiton

Weaver E-cology offers a collaborative work environment, i.e. OA system in the broad sense. The OA system is a very advanced system that enables the business to management documents, sales, personnel, assets, customers and purchase in a uniform information platform. A SQL injection vulnerability was found in the system because the interface WorkflowCenterTreeData doesn't handle SQL statement strictly. Remote attacker can abtain sensitive information via the vulnerability. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.