Weaver

E-cology

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-34038

Exploit
  • EPSS 5.48%
  • Veröffentlicht 24.06.2025 01:06:35
  • Zuletzt bearbeitet 20.11.2025 22:15:56

A SQL injection vulnerability exists in Fanwei e-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable thro...

9.8

CVE-2024-48069

  • EPSS 0.18%
  • Veröffentlicht 19.11.2024 18:15:21
  • Zuletzt bearbeitet 05.06.2025 13:54:55

A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges

9.8

CVE-2024-48070

  • EPSS 0.49%
  • Veröffentlicht 19.11.2024 18:15:21
  • Zuletzt bearbeitet 05.06.2025 13:55:09

An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges

9.8

CVE-2024-48072

  • EPSS 0.12%
  • Veröffentlicht 19.11.2024 18:15:21
  • Zuletzt bearbeitet 05.06.2025 13:58:30

Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&action=getFieldTriggerValue&searchField=*&fromTable=HrmResourceManager&wher...

6.5

CVE-2024-48071

  • EPSS 0.42%
  • Veröffentlicht 19.11.2024 17:15:09
  • Zuletzt bearbeitet 24.09.2025 19:08:16

E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the server to permanently deny service.

7.5

CVE-2024-7704

Exploit
  • EPSS 0.26%
  • Veröffentlicht 12.08.2024 21:15:34
  • Zuletzt bearbeitet 28.05.2025 19:35:19

A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information dis...

9.8

CVE-2023-51892

  • EPSS 2.87%
  • Veröffentlicht 20.01.2024 01:15:07
  • Zuletzt bearbeitet 30.05.2025 15:15:26

An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.

9.8

CVE-2023-3793

  • EPSS 0.05%
  • Veröffentlicht 20.07.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:18:04

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid w...

8.8

CVE-2023-2806

Exploit
  • EPSS 0.13%
  • Veröffentlicht 19.05.2023 09:15:09
  • Zuletzt bearbeitet 21.11.2024 07:59:19

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier...

6.1

CVE-2019-10272

Exploit
  • EPSS 0.3%
  • Veröffentlicht 30.04.2019 18:29:07
  • Zuletzt bearbeitet 21.11.2024 04:18:47

An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring.