EUVD-2023-34223

Malicious code in bioql PyPI...

CVE-2023-2765

A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit...

CVE-2023-2766

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The explo...

CVE-2023-2765

A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit...

CVE-2023-2766

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The explo...

CVE-2023-2765

A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit...

Design/Logic Flaw

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The explo...

CVE-2023-2766

Weaver OA 9.5 is affected by CVE-2023-2766, caused by processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini that can lead to files or directories becoming accessible. The issue is exploitable remotely and has public disclosures noted in multiple sources (e.g., NVD a...

CVE-2023-2766 Weaver OA jx2_config.ini file access

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The explo...

CVE-2023-2765 Weaver OA downfile.php absolute path traversal

A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit...

CVE-2023-2765

Summary: CVE-2023-2765 affects Weaver OA up to v9.5. The vulnerability is in /E-mobile/App/System/File/downfile.php where manipulating the url parameter causes absolute path traversal, exploitable remotely. Public exploitation has been disclosed; no official patch/version fix details are provided...

PT-2023-21283 · Weaver Oa · Weaver Oa

Name of the Vulnerable Software and Affected Versions: Weaver OA versions up to 9.5 Description: A problematic issue has been found in the file /E-mobile/App/System/File/downfile.php, where the manipulation of the url argument leads to absolute path traversal. This can be initiated remotely. The...