CVE-2023-51892
CRITICALDescription
An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.
Is your site exposed to CVE-2023-51892?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| weaver | e-cology |
References
Frequently Asked Questions
What is CVE-2023-51892? +
How severe is CVE-2023-51892? +
What products are affected by CVE-2023-51892? +
How do I check if I'm vulnerable to CVE-2023-51892? +
Related Vulnerabilities
Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&action=getFieldTriggerValue&searchField=*&fromTable=HrmResourceManager&whereClause=1%3d1&triggerCondition=1&expression=%3d&fieldValue=1.
A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files …
An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code …
A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input …
E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the server …
A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of …