'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:weaver_ecology_dbconfigreader_infomation_leakage_vulnerability(Rule ID:1070210349)

Release Date2025/9/15

Rule NameWeaver e-cology DBconfigReader Infomation Leakage Vulnerability

Severity:mid

CVE ID

 

Descripiton

Weaver e-cology is an Office Automation (OA) software developed by Weaver Software, a Chinese company. The software aims to provide an integrated solution for internal office processes within enterprises, enhancing office efficiency and information management. Weaver e-cology has a vulnerability in database configuration information leakage. Attackers can directly obtain database configuration information through the vulnerable page. If an attacker can directly access the database, he can directly obtain user data and even directly control the database server.This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.