'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:weaver_oa_ecology9_uploaderoperate.jsp_arbitrary_file_upload_vulnerability(Rule ID:1070210433)

Release Date2025/9/15

Rule NameWeaver OA Ecology9 uploaderOperate.jsp Arbitrary File Upload Vulnerability

Severity:critical

CVE ID

 

Descripiton

Weaver E-ecology 9 is a standardized collaborative OA office software, one of the members of Weaver collaborative office product series, the implementation of universal product design, fully fit the needs of enterprise management, in line with the principle of simple, easy to use, efficient and intelligent, for enterprises to quickly build a mobile, paperless, digital office platform.The Weaver OA Ecology9 uploaderOperate.jsp interface has a file upload vulnerability. Unauthorized attackers can use this vulnerability to execute code on the server, write a backdoor, obtain server permissions, and control the entire web server. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.