
vul_app:weaver_filedownloadforoutdoc_sqli_vul (Rule ID: 1070210439)

Release Date: 2025/9/15

Rule Name: Weaver E-Cology FileDownloadForOutDoc SQL Injection Vulnerability

Severity: critical

CVE ID

 

Description

The Weaver Collaborative Management Application Platform (e-cology) is a large-scale enterprise collaboration platform that combines enterprise information portal, knowledge document management, workflow management, human resource management, customer relationship management, project management, financial management, asset management, supply chain management, and data center functions. Weaver e-cology does not effectively filter user input and concatenates it directly into SQL query statements, resulting in a SQL injection vulnerability in the system. Remote unauthorized attackers can exploit this vulnerability to obtain sensitive information and may use it further to gain access to the target system. This rule helps defend against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor's patches.