E-cology Security Vulnerabilities and Issues — E-cology CVE List

Lucene search

WeaverE-cology

5 matches found

CVE•added 2023/07/20 8:15 p.m.•59 views

CVE-2023-3793

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql inject...

9.8CVSS7AI score0.00045EPSS

CVE•added 2024/11/19 6:15 p.m.•36 views

CVE-2024-48072

Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&action=getFieldTriggerValue&searchField=*&fromTable=HrmResourceManager&whereClause=1%3d1&triggerCondition=1&expression=%3d&f...

9.8CVSS8.3AI score0.00077EPSS

CVE•added 2024/11/19 6:15 p.m.•35 views

CVE-2024-48069

A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges

9.8CVSS6.7AI score0.00114EPSS

CVE•added 2024/11/19 6:15 p.m.•35 views

CVE-2024-48070

An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges

9.8CVSS6.8AI score0.00303EPSS

CVE•added 2024/01/20 1:15 a.m.•32 views

CVE-2023-51892

An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.

9.8CVSS9.4AI score0.02872EPSS