E-office Security Vulnerabilities and Issues — E-office CVE List

Lucene search

WeaverE-office

7 matches found

CVE•added 2023/05/11 8:15 a.m.•149 views

CVE-2023-2647

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The expl...

8.8CVSS7.8AI score0.02353EPSS

CVE•added 2023/05/11 8:15 a.m.•70 views

CVE-2023-2648

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has...

9.8CVSS8AI score0.93096EPSS

CVE•added 2023/05/04 6:15 p.m.•58 views

CVE-2023-2523

A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remot...

9.8CVSS8.5AI score0.90185EPSS

CVE•added 2023/07/25 8:15 p.m.•58 views

CVE-2023-34798

An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file.

9.8CVSS9.5AI score0.00115EPSS

CVE•added 2024/04/03 3:15 a.m.•58 views

CVE-2024-3227

A vulnerability was found in Panwei eoffice OA up to 9.5. It has been declared as critical. This vulnerability affects unknown code of the file /general/system/interface/theme_set/save_image.php of the component Backend. The manipulation of the argument image_type leads to path traversal: '../filed...

7.2CVSS5AI score0.00111EPSS

CVE•added 2023/05/17 5:15 p.m.•48 views

CVE-2023-2766

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploi...

7.5CVSS6.4AI score0.91816EPSS

CVE•added 2023/05/17 5:15 p.m.•33 views

CVE-2023-2765

A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit h...

7.5CVSS6AI score0.00189EPSS