VYPR

e-cology 8

by Weaver

CVEs (7)

  • CVE-2024-48069Nov 19, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges

  • CVE-2024-48070Nov 19, 2024
    risk 0.00cvss epss 0.01

    An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges

  • CVE-2024-7704Aug 12, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to…

  • CVE-2023-51892Jan 20, 2024
    risk 0.00cvss epss 0.01

    An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.

  • CVE-2023-3793Jul 20, 2023
    risk 0.00cvss epss 0.00

    A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY…

  • CVE-2023-2806May 19, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is…

  • CVE-2019-10272Apr 30, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring.