Weaver E-Office 9.5 - Remote Code Execution

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

VulnCheck KEV: CVE-2023-2523

A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobileuploadsave. The manipulation of the argument uploadquwan leads to unrestricted upload. The attack may be launched...

CVE-2022-50993 Weaver E-office < 10.0_20221201 Unauthenticated Arbitrary File Read via XmlRpcServlet

Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

EUVD-2022-55965

Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

CVE-2022-50993 Weaver E-office < 10.0_20221201 Unauthenticated Arbitrary File Read via XmlRpcServlet

Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

CVE-2022-50993

CVE-2022-50993 affects Weaver (Fanwei) E-office, prior to version 10.0_20221201. The OfficeServer.php endpoint is vulnerable to unauthenticated arbitrary file upload, allowing remote attackers to POST multipart data with arbitrary filenames and disguised content types to upload PHP web shells int...

Weaver E-office 代码问题漏洞

Weaver E-office is an office automation system developed by the Chinese company Weaver. Versions of Weaver E-office prior to 10.020221201 contained code vulnerabilities. These vulnerabilities stemmed from an unauthenticated file upload vulnerability present in the OfficeServer.php endpoint. This...

VulnCheck KEV: CVE-2022-50993

Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

PT-2026-36126

Weaver Fanwei E-office versions prior to 10.0 20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...

EUVD-2023-34113

Malicious code in bioql PyPI...

Weaver E-Office 安全漏洞

Weaver E-Office is a collaborative office system from China's Panavision Technologies Weaver. A security vulnerability exists in Weaver E-Office v9.4 and prior versions, which originates from an unauthenticated file upload attack due to incorrect operation of the file /general/index/UploadFile.ph...

CVE-2023-2648

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

CVE-2023-2647

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utilityall.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

CVE-2023-2523

A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobileuploadsave. The manipulation of the argument uploadquwan leads to unrestricted upload. The attack may be launched...

VulnCheck KEV: CVE-2023-2648

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

Weaver E-Office 代码问题漏洞

Weaver E-Office is a collaborative office system from China's Panavision Technologies Weaver. A security vulnerability exists in weaver e-office versions prior to v9.5. The vulnerability stems from the presence of an arbitrary file upload vulnerability, which allows an attacker to execute arbitra...

The vulnerability of the App/Ajax/ajax.php?action=mobileUploadSave component of the software platform for small and medium-sized business collaboration software Weaver E-Office allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the component App/Ajax/ajax.php?action=mobileUploadSave on the software platform for small and medium-sized business collaboration software Weaver E-Office is related to the lack of restrictions on file uploads. Exploiting this vulnerability could allow a malicious actor to...

Weaver E-Office 安全漏洞

Weaver E-Office is a collaborative office system from China's Panavision Technologies Weaver. A security vulnerability exists in Weaver E-Office version 9.5. An attacker can exploit the vulnerability to access files or directories...

Weaver E-Office 安全漏洞

Weaver E-Office is a collaborative office system from China's PanWei Technologies Weaver. A security vulnerability exists in Weaver E-Office version 9.5 and earlier versions, which is caused by an incorrect operation of the parameter url that results in absolute path traversal...

CVE-2023-2648

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...