Lucene search
+L
WeaverE-office

6 matches found

CVE
CVE
added 2023/05/11 7:31 a.m.173 views

CVE-2023-2647

Weaver E-Office 9.5 is affected by a command-injection vulnerability in the File Upload Handler, specifically the /webroot/inc/utility_all.php file. The issue allows remote exploitation and has been publicly disclosed. Multiple connected sources consistently identify the vulnerable component as t...

8.8CVSS7.8AI score0.07008EPSS
CVE
CVE
added 2023/05/11 8:0 a.m.104 views

CVE-2023-2648

CVE-2023-2648 affects Weaver E-Office 9.5. The vulnerability resides in /inc/jquery/uploadify/uploadify.php, where manipulating the Filedata parameter enables unrestricted file upload. This can be triggered remotely and has been publicized (VDB-228777). Connected sources additionally describe it ...

9.8CVSS8AI score0.28478EPSS
In wildWeb
CVE
CVE
added 2024/04/03 2:31 a.m.82 views

CVE-2024-3227

CVE-2024-3227 affects Panwei eoffice OA up to 9.5 (Backend) and involves a path traversal in file /general/system/interface/theme_set/save_image.php. The vulnerability is triggered by manipulating the argument image_type to navigate to a directory like ‘../filedir’. It is remotely exploitable and...

7.2CVSS5AI score0.00955EPSS
Web
CVE
CVE
added 2023/07/25 12:0 a.m.76 views

CVE-2023-34798

CVE-2023-34798 affects eOffice prior to v9.5. The vulnerability is an arbitrary file upload that allows an attacker to execute arbitrary code by uploading a crafted file. Root cause is an improper validation/handling of uploaded files in eOffice before 9.5. Impact is high: potential full system c...

9.8CVSS9.5AI score0.0071EPSS
CVE
CVE
added 2023/05/17 4:31 p.m.71 views

CVE-2023-2766

Weaver OA 9.5 is affected by CVE-2023-2766, caused by processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini that can lead to files or directories becoming accessible. The issue is exploitable remotely and has public disclosures noted in multiple sources (e.g., NVD a...

7.5CVSS6.4AI score0.54232EPSS
CVE
CVE
added 2023/05/17 4:31 p.m.61 views

CVE-2023-2765

Summary: CVE-2023-2765 affects Weaver OA up to v9.5. The vulnerability is in /E-mobile/App/System/File/downfile.php where manipulating the url parameter causes absolute path traversal, exploitable remotely. Public exploitation has been disclosed; no official patch/version fix details are provided...

7.5CVSS6AI score0.02182EPSS
Web