| Vulnerability | Weaver OA PluginViewServlet Authentication Bypass Vulnerability |
|---|---|
| Chinese name | 泛微OA办公系统 PluginViewServlet 认证绕过漏洞 |
| CVSS core | 8.0 |
| FOFA Query (click to view the results directly) | (header="testBanCookie" || banner="testBanCookie" || body="/wui/common/css/w7OVFont.css" || (body="typeof poppedWindow" && body="client/jquery.client_wev8.js") || body="/theme/ecology8/jquery/js/zDialog_wev8.js" || body="ecology8/lang/weaver_lang_7_wev8.js") |
| Number of assets affected | 45034 |
| Description | Weaver OA is a professional and powerful multi-functional office management software that supports mobile approval, attendance, query, sharing and other functions, effectively improving the user's office efficiency. There is an authentication bypass vulnerability in Panwei OA weaver.mobile.plugin.ecology.service.PluginViewServlet, and attackers can log in arbitrarily to obtain administrator privileges. |
| Impact | There is an authentication bypass vulnerability in Panwei OA weaver.mobile.plugin.ecology.service.PluginViewServlet, and attackers can log in arbitrarily to obtain administrator privileges. |
