'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:weaver_oa_api_uploadfileclient.jsp_arbitrary_file_upload_vulnerability(Rule ID:1070210464)

Release Date2025/9/15

Rule NameWeaver OA API uploadFileClient.jsp Arbitrary File Upload Vulnerability

Severity:critical

CVE ID

 

Descripiton

Weaver OA is a standardized collaborative OA office software, one of the members of Weaver collaborative office product series, the implementation of universal product design, fully fit the needs of enterprise management, in line with the principle of simple, easy to use, efficient and intelligent, for enterprises to quickly build a mobile, paperless, digital office platform. Weaver OA API uploadFileClient.jsp Arbitrary File Upload Vulnerability, which allows an unauthenticated attacker to arbitrarily execute code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.