129 matches found
CVE-2026-22679
Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
A critical security vulnerability in Weaver Fanwei E-cology, an enterprise office automation OA and collaboration platform, has come under active exploitation in the wild. The vulnerability CVE-2026-22679 , CVSS score: 9.8 relates to a case of unauthenticated remote code execution affecting Weave...
CVE-2022-50992
Weaver E-cology 9.5 (pre-10.52) contains an unauthenticated arbitrary file read via the XmlRpcServlet at the XML-RPC endpoint. Attackers can pass file paths to WorkflowService.getAttachment and WorkflowService.LoadTemplateProp to read arbitrary files, including system configuration and database c...
CVE-2022-50992 Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet
Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...
CVE-2022-50992
Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...
CVE-2022-50992 Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet
Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...
VulnCheck KEV: CVE-2022-50992
Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...
PT-2026-36125
Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...
Weaver E-cology 路径遍历漏洞
Weaver E-cology is a collaboration management platform developed by the Chinese company Weaver. Versions of Weaver E-cology prior to 9.5 and 10.52 had a path traversal vulnerability. This vulnerability stemmed from an arbitrary file reading vulnerability present in the XML-RPC endpoints provided ...
VulnCheck KEV: CVE-2023-3793
A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...
Exploit for CVE-2026-22679
CVE-2026-22679: Weaver E-cology Unauthenticated RCE via dubboA...
EUVD-2026-19607
Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...
CVE-2026-22679
Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...
CVE-2026-22679 Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint
Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...
CVE-2026-22679
Weaver E-cology 10.0 (prior to build 20260312) is affected by CVE-2026-22679. The flaw is an unauthenticated RCE exposed at /papi/esearch/data/devops/dubboApi/debug/method, where attacker-controlled interfaceName and methodName parameters trigger command-execution via the Dubbo RPC layer. Exploit...
CVE-2026-22679
Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...
PT-2026-30819
Name of the Vulnerable Software and Affected Versions Weaver Fanwei E-cology versions 10.0 through 20260311 Description An unauthenticated remote code execution flaw exists due to exposed debug functionality. Attackers can execute arbitrary system commands by sending crafted POST requests to the...
VulnCheck KEV: CVE-2026-22679
Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...
Fanwei e-cology - SQL Injection
Fanwei e-cology 8.0 contains a sql injection caused by unsanitized user input in the sql parameter of getdata.jsp, letting unauthenticated attackers execute arbitrary SQL queries and access sensitive data. id: CVE-2025-34038 info: name: Fanwei e-cology - SQL Injection author: ritikchaddha severit...
VulnCheck KEV: CVE-2023-2806
A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The...