'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:weaver_oa_sptmforportalthumbnail.jsp_arbitrary_file_read_vulnerability(Rule ID:1070210434)

Release Date2025/9/15

Rule NameWeaver OA SptmForPortalThumbnail.jsp Arbitrary File Read Vulnerability

Severity:high

CVE ID

 

Descripiton

Weaver E-Office is a standardized collaborative OA office software, one of the members of Weaver collaborative office product series, the implementation of universal product design, fully fit the needs of enterprise management, in line with the principle of simple, easy to use, efficient and intelligent, for enterprises to quickly build a mobile, paperless, digital office platform. preview in the system's SptmForPortalThumbnail.jsp file is unsecured, which could allow an attacker to read leaked source code, database profiles, and more, leaving the site extremely insecure.There is an arbitrary file reading vulnerability in the SptmForPortalMumbnail.jsp interface of the system, through which an unauthenticated attacker can read important system files, database configuration file, etc., resulting in an extremely insecure website. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.