5 matches found
CVE-2022-50992
Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...
CVE-2022-50992 Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet
Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...
CVE-2022-50992 Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet
Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...
CVE-2022-50992
Weaver E-cology 9.5 (pre-10.52) is affected by an unauthenticated arbitrary file read via the XmlRpcServlet at the XML-RPC endpoint. The vulnerability arises in WorkflowService.getAttachment and WorkflowService.LoadTemplateProp, allowing remote attackers to read arbitrary files (including system ...
PT-2026-36125
Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...