CVE-2022-50992
Description
Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods. Attackers can exploit these methods without authentication to retrieve sensitive files including system configuration files and database credentials from the server. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Weaver E-cology 9.5 before 10.52 has an unauthenticated arbitrary file read in XmlRpcServlet, letting remote attackers read configs and database credentials.
Vulnerability
Description
The Weaver (Fanwei) E-cology 9.5 collaboration platform, versions prior to 10.52 (published 2022-07-31), contains an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint [1][3]. The root cause is a path traversal weakness (CWE-22) in the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods, which accept user-supplied file paths without proper validation [3].
Exploitation
An unauthenticated remote attacker can exploit this flaw by sending specially crafted requests to the XML-RPC endpoint, supplying arbitrary file paths to the vulnerable methods [1][3]. No authentication or special privileges are required, making the attack surface particularly broad. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC), indicating active scanning or misuse [1].
Impact
Successful exploitation allows an attacker to read arbitrary files from the server filesystem [1][3]. This includes sensitive data such as system configuration files, database credentials, and other confidential information that can lead to further compromise of the installation [1][3].
Mitigation
Weaver has addressed this vulnerability in E-cology version 10.52 and later [1][3]. Users are strongly advised to upgrade to the latest release and apply full security patches regularly, as detailed in the vendor changelog and download center [2]. Administrators should also follow recommended security practices, including restricting unnecessary network ports and maintaining regular data backups [2].
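Because the flaw is reachable without authentication, defenders who cannot upgrade immediately will want to know whether the two methods named above are being called at all, and with what arguments. The following Python is an added example, not code from the advisory, from Weaver, or from VulnCheck: it parses XML-RPC request bodies captured at a WAF or reverse proxy in front of the XmlRpcServlet endpoint, records every call to WorkflowService.getAttachment or WorkflowService.LoadTemplateProp, and additionally flags string parameters that contain a traversal segment or an absolute path. The method names come from the advisory; the sample bodies, client addresses and the benign method name WorkflowService.getWorkflowList are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional

# The two XML-RPC methods the advisory names as accepting attacker-supplied
# file paths without validation. Any unauthenticated call to them is notable.
WATCHED_METHODS = {
    "WorkflowService.getAttachment",
    "WorkflowService.LoadTemplateProp",
}


@dataclass
class Finding:
    source: str   # client address from the capture (constructed sample data)
    method: str   # XML-RPC methodName
    reason: str   # why the request was flagged
    value: str    # offending parameter, empty for method-only findings


def path_escape_reason(value: str) -> Optional[str]:
    """Return a reason if a string parameter looks like a path that leaves
    the intended attachment/template directory, else None."""
    normalized = value.replace("\\", "/")
    if ".." in normalized.split("/"):
        return "directory traversal segment"
    if normalized.startswith("/") or (len(normalized) > 1 and normalized[1] == ":"):
        return "absolute path"
    return None


def inspect_xmlrpc_body(source: str, body: str) -> List[Finding]:
    """Parse one XML-RPC <methodCall> body and return findings for it.

    Request bodies are attacker-controlled XML, so production use should
    parse with defusedxml instead of the stdlib parser used here."""
    findings: List[Finding] = []
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return findings          # malformed XML: not an XML-RPC call
    if root.tag != "methodCall":
        return findings
    name_el = root.find("methodName")
    method = (name_el.text or "").strip() if name_el is not None else ""
    if method not in WATCHED_METHODS:
        return findings
    findings.append(Finding(source, method, "call to vulnerable method", ""))
    # XML-RPC strings appear as <value><string>x</string></value> or as a
    # bare <value>x</value>; handle both forms.
    for val in root.iter("value"):
        child = val.find("string")
        text = ((child.text if child is not None else val.text) or "").strip()
        reason = path_escape_reason(text)
        if reason:
            findings.append(Finding(source, method, reason, text))
    return findings


def scan_capture(records) -> List[Finding]:
    """Run inspect_xmlrpc_body over (source, body) pairs, e.g. POST bodies
    sent to the XmlRpcServlet endpoint as captured by a WAF or proxy."""
    out: List[Finding] = []
    for source, body in records:
        out.extend(inspect_xmlrpc_body(source, body))
    return out


# Constructed sample capture (not real traffic). WorkflowService.getWorkflowList
# is a hypothetical benign method used only to show a non-matching call.
SAMPLE_CAPTURE = [
    ("198.51.100.7",
     "<methodCall><methodName>WorkflowService.getWorkflowList</methodName>"
     "<params><param><value><string>42</string></value></param></params></methodCall>"),
    ("198.51.100.7",
     "<methodCall><methodName>WorkflowService.getAttachment</methodName>"
     "<params><param><value><string>attachments/report.pdf</string></value></param>"
     "</params></methodCall>"),
    ("203.0.113.9",
     "<methodCall><methodName>WorkflowService.getAttachment</methodName>"
     "<params><param><value><string>../../conf/example.properties</string></value>"
     "</param></params></methodCall>"),
    ("203.0.113.9",
     "<methodCall><methodName>WorkflowService.LoadTemplateProp</methodName>"
     "<params><param><value>/opt/example/app.properties</value></param></params>"
     "</methodCall>"),
]

if __name__ == "__main__":
    for f in scan_capture(SAMPLE_CAPTURE):
        print(f"{f.source} {f.method}: {f.reason} {f.value}".rstrip())
```

Every call to a watched method is recorded even when the argument looks harmless, because on an unpatched install these methods should not be reachable anonymously at all; the path heuristic only adds severity. Backslashes are normalized before the traversal check so a Windows-style argument is not missed.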
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (6)
- blog.csdn.net/qq_36618918/article/details/135104295 (nvd)
- blog.csdn.net/xiayu729100940/article/details/135205082 (nvd)
- www.cnvd.org.cn/flaw/show/CNVD-2022-43245 (nvd)
- www.vulncheck.com/advisories/weaver-e-cology-unauthenticated-arbitrary-file-read-via-xmlrpcservlet (nvd)
- www.weaver.com.cn/cs/ecology_full_log.html (nvd)
- www.weaver.com.cn/cs/securityDownload.html (nvd)
News mentions (6)
- ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More (The Hacker News, May 11, 2026)
- Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls (SecurityWeek, May 6, 2026)
- Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft (SecurityWeek, May 5, 2026)
- MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs (SecurityWeek, May 5, 2026)
- Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API (The Hacker News, May 5, 2026)
- Weaver E-cology critical bug exploited in attacks since March (BleepingComputer, May 4, 2026)