Weaver
Products (5)
- 10 CVEs
- 7 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-22679 | | Critical | 0.64 | 9.8 | 0.21 | | Apr 7, 2026 | Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality.… |
| CVE-2022-50992 | | High | 0.49 | 7.5 | 0.01 | | Apr 30, 2026 | Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the… |
| CVE-2025-9590 | | Low | 0.23 | 3.5 | 0.00 | | Aug 28, 2025 | A vulnerability was identified in Weaver E-Mobile Mobile Management Platform up to 20250813. Affected by this vulnerability is an unknown functionality. The manipulation of the argument gohome leads to cross site scripting. The attack can be initiated remotely. The exploit is… |
| CVE-2023-2766 | | | 0.07 | — | 0.54 | | May 17, 2023 | A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated… |
| CVE-2025-34038 | | | 0.00 | — | 0.02 | | Jun 24, 2025 | A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId… |
| CVE-2024-48070 | | | 0.00 | — | 0.01 | | Nov 19, 2024 | An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges |
| CVE-2024-48071 | | | 0.00 | — | 0.01 | | Nov 19, 2024 | E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the server to permanently deny service. |
| CVE-2024-48072 | | | 0.00 | — | 0.00 | | Nov 19, 2024 | Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&action=getFieldTriggerValue&searchField=*&fromTable=HrmResourceManager&whereClause=1%3d1&triggerCondition… |
| CVE-2024-48069 | | | 0.00 | — | 0.00 | | Nov 19, 2024 | A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges |
| CVE-2024-7704 | | | 0.00 | — | 0.01 | | Aug 12, 2024 | A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to… |
| CVE-2023-51892 | | | 0.00 | — | 0.01 | | Jan 20, 2024 | An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. |
| CVE-2023-3793 | | | 0.00 | — | 0.00 | | Jul 20, 2023 | A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY… |
| CVE-2023-2806 | | | 0.00 | — | 0.01 | | May 19, 2023 | A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is… |
| CVE-2021-3836 | | | 0.00 | — | 0.01 | | Dec 14, 2021 | dbeaver is vulnerable to Improper Restriction of XML External Entity Reference |
| CVE-2019-10272 | | | 0.00 | — | 0.01 | | Apr 30, 2019 | An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring. |