VYPR

Ecology

by Weaver

CVEs (7)

  • CVE-2026-22679CriApr 7, 2026
    risk 0.64cvss 9.8epss 0.21

    Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality.…

  • CVE-2024-48072CriNov 19, 2024
    risk 0.64cvss 9.8epss 0.00

    Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&action=getFieldTriggerValue&searchField=*&fromTable=HrmResourceManager&whereClause=1%3d1&triggerCondition…

  • CVE-2022-50992HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.01

    Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the…

  • CVE-2025-34038HigJun 24, 2025
    risk 0.49cvss 7.5epss 0.02

    A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId…

  • CVE-2023-3793MedJul 20, 2023
    risk 0.36cvss 5.5epss 0.00

    A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY…

  • CVE-2023-2806MedMay 19, 2023
    risk 0.36cvss 5.5epss 0.01

    A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is…

  • CVE-2024-7704MedAug 12, 2024
    risk 0.35cvss 5.3epss 0.01

    A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to…