e-cology 8
by Weaver
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-48069 | 0.00 | — | 0.00 | Nov 19, 2024 | A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges | |||
| CVE-2024-48070 | 0.00 | — | 0.01 | Nov 19, 2024 | An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges | |||
| CVE-2024-7704 | 0.00 | — | 0.01 | Aug 12, 2024 | A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to… | |||
| CVE-2023-51892 | 0.00 | — | 0.01 | Jan 20, 2024 | An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. | |||
| CVE-2023-3793 | 0.00 | — | 0.00 | Jul 20, 2023 | A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY… | |||
| CVE-2023-2806 | 0.00 | — | 0.01 | May 19, 2023 | A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is… | |||
| CVE-2019-10272 | 0.00 | — | 0.01 | Apr 30, 2019 | An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring. |
- CVE-2024-48069Nov 19, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges
- CVE-2024-48070Nov 19, 2024risk 0.00cvss —epss 0.01
An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges
- CVE-2024-7704Aug 12, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to…
- CVE-2023-51892Jan 20, 2024risk 0.00cvss —epss 0.01
An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.
- CVE-2023-3793Jul 20, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY…
- CVE-2023-2806May 19, 2023risk 0.00cvss —epss 0.01
A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is…
- CVE-2019-10272Apr 30, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring.