 
   
 

web_app:weaver_oa_execluploadservlet_arbitrary_file_upload_vul(Rule ID:1070210543)

Release Date: 2025/10/13

Rule Name: Weaver OA ExcelUploadServlet Arbitrary File Upload Vulnerability

Severity: critical

CVE ID

 

Description

Weaver OA is an enterprise-oriented collaborative office and process management platform that integrates approval, knowledge, portal and mobile office functions, helping organizations achieve digital and efficient collaboration. The Weaver OA ExcelUploadServlet has an arbitrary file upload vulnerability that allows attackers to upload malicious files, so that a WebShell or backdoor can be implanted directly and the server then controlled remotely. This rule supports defending against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor's patches.