Vulnerability | Weaver ecology XmlRpcServlet Path File Read Vulnerability |
---|---|
Chinese name | 泛微 e-cology XmlRpcServlet 接口文件读取漏洞 |
CVSS score | 7.8 |
FOFA Query | ((body="szFeatures" && body="redirectUrl") || (body="rndData" && body="isdx") || (body="typeof poppedWindow" && body="client/jquery.client_wev8.js") || body="/theme/ecology8/jquery/js/zDialog_wev8.js" || body="ecology8/lang/weaver_lang_7_wev8.js" || body="src="/js/jquery/jquery_wev8.js" || (header="Server: WVS" && (title!="404 Not Found" && header!="404 Not Found"))) && header!="testBanCookie" && header!="Couchdb" && header!="JoomlaWor" && body!="<title>28ZE</title>" |
Number of assets affected | 111321 |
Description | Weaver e-cology is an office automation (OA) system designed for large and medium-sized enterprises, supporting simultaneous work on PC, mobile, and WeChat platforms. Attackers can use this vulnerability to read important system files (such as database configuration files and system configuration files), leaving the website in an extremely insecure state. |
Impact | Attackers can use this vulnerability to read important system files (such as database configuration files and system configuration files), leaving the website in an extremely insecure state. |