Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-2648

Published: 11/05/2023 Updated: 11/04/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Weaver

Vulnerability Summary

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

weaver e-office 9.5

Github Repositories

https://github.com/kuang-zy/2023-Weaver-pocs

2023泛微0A漏洞poc检测工具

2023-Weaver-pocs 2023泛微0A漏洞poc检测工具 支持检测漏洞 泛微 E-Office文件上传漏洞(CVE-2023-2523) 泛微 E-Office文件上传漏洞(CVE-2023-2648) 泛微E-Cology SQL注入漏洞(CVE-2023-15672) 泛微OA E-Cology9未授权SQL注入漏洞(CNVD-2023-12632) 泛微OA e-cology前台接口SQL注入漏洞 泛微 e-cology ofsLogin任意用户登录漏洞 泛微E-

https://github.com/zhaoyumi/WeaverExploit_All

泛微最近的漏洞利用工具(PS:2023)

WeaverExploit_All 泛微最近的漏洞利用工具(PS:2023) 集成了QVD-2023-5012、CVE-2023-2523、CVE-2023-2648、getloginid_ofsLogin 漏洞利用 2023726:新增:WorkflowServiceXml 内存马注入、uploaderOperate文件上传漏洞、DeleteUserRequestInfoByXml 、FileDownloadForOutDocSQL注入、E-Mobile 60 命令执行漏洞检测 2023805:新增泛微E-

https://github.com/bingtangbanli/cve-2023-2523-and-cve-2023-2648

cve-2023-2523-and-cve-2023-2648

cve-2023-2523 备注:脚本上传了phpinfo文件 使用方法: 结果自动保存到resulttxt文件 手工POC: POST /E-mobile/App/Ajax/ajaxphp?action=mobile_upload_save HTTP/11 Host: your-ip Content-Length: 352 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: null Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydRVCGWq4Cx3Sq6tt User-Ag

https://github.com/MD-SEC/MDPOCS

猫蛋儿安全团队编写的poc能报就能打。企业微信、海康、Metabase、Openfire、泛微OA......

MDPOCS 猫蛋儿安全团队编写的poc,能报就能打。 漏洞列表: Metabase 远程命令执行漏洞 海康威视 ResourceOperations任意文件上传 Openfire权限绕过漏洞 泛微E-Mobile 60-65 前台RCE 金和 OA C6 GetSqlDataaspx SQL 注入漏洞导致RCE 企业微信API信息泄漏漏洞 蓝凌OA treexmltmpl 远程命令执行漏洞 蓝凌OA Customjsp任

https://github.com/Co5mos/nuclei-tps

nuclei templates

ntps nuclei templates headless bing-search http-cves 2023 CVE-2023-1389 CVE-2023-2523 CVE-2023-2648 CVE-2023-49442 http-vulnerabilities 安恒 anheng-gateway-rce-cnvd-2023-03898 anheng-mingyu-xmlrpc-sock-ssrf 畅捷通 changjet-tplus-ajaxpro-rce changjet-tplus-downloadproxy-traversal 大华 dahua-passowrd-disclosure dahua-publishing-fileupload dahua-searchJson-sqli dah

References

CWE-434https://vuldb.com/?ctiid.228777https://github.com/sunyixuan1228/cve/blob/main/weaver.mdhttps://vuldb.com/?id.228777https://nvd.nist.govhttps://github.com/kuang-zy/2023-Weaver-pocs
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook