'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:weaver_e-office_downfile.php_arbitrary_file_read_vul(Rule ID:1070210442)

Release Date2025/9/15

Rule NameWeaver E-Office downfile.php Arbitrary File Read Vulnerability

Severity:high

CVE ID

 

Descripiton

Weaver provides mobile office, wechat office, collaborative office (OA), process management, information portal, knowledge management, cost control management and other functions, suitable for mobile phones and PCS, is one of the mainstream OA systems. Weaver e-office is a standardized collaborative OA office software. Weaver e-office downfile.php has any file reading vulnerability. Attackers can use this vulnerability to read any file on the server and obtain sensitive information on the server.This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.