'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:weaver_e-office_api_filedownload_arbitrary_file_read_vulnerability(Rule ID:1070210423)

Release Date2025/9/15

Rule NameWeaver E-Office API FileDownload Arbitrary File Read Vulnerability

Severity:critical

CVE ID

 

Descripiton

Weaver E-Office is a standardized collaborative OA office software, one of the members of Weaver collaborative office product series, the implementation of universal product design, fully fit the needs of enterprise management, in line with the principle of simple and easy to use, efficient and intelligent, for enterprises to quickly create a mobile, paperless, digital office platform. Weaver E-Office FileDownload api arbitrary file read vulnerability, Unauthorized attackers can use this vulnerability to obtain arbitrary files of the system. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.