Weaver


Products by Weaver Sorted by Most Security Vulnerabilities since 2018

Weaver E Cology: 8 vulnerabilities

Weaver E Office: 6 vulnerabilities

Weaver Office Automation: 2 vulnerabilities

Weaver Eteams Oa: 1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Weaver. Weaver did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 6 8.17
2023 7 8.86
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 2 6.30

It may take a day or so for new Weaver vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Weaver Security Vulnerabilities

CVE-2024-48072 (Nov 19, 2024)
Vulnerability: SQL Injection Vulnerability in Weaver Ecology v9.* via MECAction Servlet
Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&action=getFieldTriggerValue&searchField=*&fromTable=HrmResourceManager&whereClause=1%3d1&triggerCondition=1&expression=%3d&fieldValue=1.
Products: E Cology

CVE-2024-48070 (Nov 19, 2024)
Vulnerability: SQL Injection Vulnerability in Weaver Ecology v9*
An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges
Products: E Cology

CVE-2024-48069 (Nov 19, 2024)
Vulnerability: Weaver Ecology v9.* Remote Code Execution via File Upload
A vulnerability was found in Weaver E-cology that allows attackers to use race conditions to bypass security mechanisms in order to upload malicious files and control server privileges.
Products: E Cology

CVE-2024-7704 (Aug 12, 2024)
Vulnerability: Weaver e-cology 8 Source Code Handler Remote Info Disclosure
A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Products: E Cology

CVE-2024-3227 (Apr 03, 2024)
Vulnerability: Panwei eoffice OA 9.5 Backend Path Traversal (image_type)
A vulnerability was found in Panwei eoffice OA up to 9.5. It has been declared as critical. This vulnerability affects unknown code of the file /general/system/interface/theme_set/save_image.php of the component Backend. The manipulation of the argument image_type leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259072.
Products: E Office

CVE-2023-51892 (Jan 20, 2024)
Vulnerability: Remote code exec via crafted script in Weaver e-Cology FrameworkShellController
An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.
Products: E Cology

CVE-2023-34798 (Jul 25, 2023)
Vulnerability: eoffice <9.5 Arbitrary File Upload RCE Vulnerability
An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file.
Products: E Office

CVE-2023-3793 (Jul 20, 2023)
Vulnerability: Weaver e-cology SQLi via HTTP POST before 10.58.0
A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql injection. Upgrading to version 10.58.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-235061 was assigned to this vulnerability.
Products: E Cology

CVE-2023-2806 (May 19, 2023)
Vulnerability: Weaver e-cology 9.0 XXE via RequestInfoByXml (CVE-2023-2806)
A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Products: E Cology

CVE-2023-2766 (May 17, 2023)
Vulnerability: Remote LFI via Configfile Manipulation in Weaver OA 9.5
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Products: Weaver Office Automation, E Office
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).