6 matches found
CVE-2023-2647
Weaver E-Office 9.5 is affected by a command-injection vulnerability in the File Upload Handler, specifically the /webroot/inc/utility_all.php file. The issue allows remote exploitation and has been publicly disclosed. Multiple connected sources consistently identify the vulnerable component as t...
CVE-2023-2648
CVE-2023-2648 affects Weaver E-Office 9.5. The vulnerability resides in /inc/jquery/uploadify/uploadify.php, where manipulating the Filedata parameter enables unrestricted file upload. This can be triggered remotely and has been publicized (VDB-228777). Connected sources additionally describe it ...
CVE-2024-3227
CVE-2024-3227 affects Panwei eoffice OA up to 9.5 (Backend) and involves a path traversal in file /general/system/interface/theme_set/save_image.php. The vulnerability is triggered by manipulating the argument image_type to navigate to a directory like ‘../filedir’. It is remotely exploitable and...
CVE-2023-34798
CVE-2023-34798 affects eOffice prior to v9.5. The vulnerability is an arbitrary file upload that allows an attacker to execute arbitrary code by uploading a crafted file. Root cause is an improper validation/handling of uploaded files in eOffice before 9.5. Impact is high: potential full system c...
CVE-2023-2766
Weaver OA 9.5 is affected by CVE-2023-2766, caused by processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini that can lead to files or directories becoming accessible. The issue is exploitable remotely and has public disclosures noted in multiple sources (e.g., NVD a...
CVE-2023-2765
Summary: CVE-2023-2765 affects Weaver OA up to v9.5. The vulnerability is in /E-mobile/App/System/File/downfile.php where manipulating the url parameter causes absolute path traversal, exploitable remotely. Public exploitation has been disclosed; no official patch/version fix details are provided...