'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:weaver_e-office_init.php_arbitrary_file_upload_vulnerability(Rule ID:1070210426)

Release Date2025/9/15

Rule NameWeaver E-Office Init.php Arbitrary File Upload Vulnerability

Severity:critical

CVE ID

 

Descripiton

Weaver E-cology is a standardized collaborative OA office software, one of the members of Weaver collaborative office product series, the implementation of universal product design, fully fit the needs of enterprise management, in line with the principle of simple and easy to use, efficient and intelligent, for enterprises to quickly create a mobile, paperless, digital office platform. The Weaver OA E-Office Init.php has Arbitrary file upload vulnerability, which allows an unauthenticated attacker to arbitrarily execute code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.