CRITICAL🇵🇱 Wersja polska

CVE-2023-51892

CVSS 9.8v3.1pub. 2024-01-20upd. 2026-07-05

An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.

🤖 AI Analysis
How it works

An attacker sends a specially crafted script to the FrameworkShellController component in the Weaver E-Cology application. This component processes the submitted data in an unsafe manner, resulting in execution of the delivered code on the server side. The attack requires no authentication or user interaction, and the network vector means it can be conducted remotely over the Internet.

Impact

An attacker can gain full control over the server — in terms of confidentiality, integrity, and availability of data and the system. System takeover, data theft, malicious software installation, or further lateral movement within the organization's network is possible.

Mitigation & patch

Apply patches available from the manufacturer according to the references. The manufacturer is available at weaver.com.cn. Until the update is deployed, it is recommended to restrict access to the FrameworkShellController component at the firewall or reverse proxy level and isolate the system from the public Internet.

Who is affected

Weaver E-Cology version 10.0.2310.01

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Weaver E Cology

    APP
    Weaver
    10.0.2310.01
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-22679CRITICAL9.3PL ✓ten sam produkt

Nieuwierzytelniony RCE w Weaver E-Cology przez endpoint DubboAPI debug

CVE-2024-48072CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Weaver E-Cology v9 — nieautoryzowany dostęp do bazy danych

CVE-2024-48069CRITICAL9.8PL ✓ten sam produkt

Weaver E-Cology: Race Condition umożliwiający upload złośliwych plików i przejęcie serwera

CVE-2024-48070CRITICAL9.8PL ✓ten sam produkt

RCE w Weaver E-Cology — zdalne wykonanie kodu przez spreparowane żądanie

CVE-2025-34038HIGH8.7ten sam produkt

A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application dire...