CNNVD-202506-3026 Information

CNNVD ID

CNNVD-202506-3026

Related CVE

CVE-2025-34038

• CNNVD Published: 2025-06-24

Description (Chinese)

Weaver e-cology是中国泛微（Weaver）公司的一套协同管理应用平台。 Weaver e-cology 8.0版本存在安全漏洞，该漏洞源于getdata.jsp端点中sql参数未清理导致SQL注入攻击。

Description (English)

Weaver e-cology is a collaborative management application platform for Weaver China. There is a security loophole in version 8.0 of Weaver e-cology, which stems from the failure to clear sql parameters at the Getdata.jsp endpoint, which resulted in an SQL injection attack.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

泛微

Published

2025-06-24

Last Modified

2026-02-24

References

https://vulncheck.com/advisories/fanwei-ecology-sql-injection https://www.cnblogs.com/0day-li/p/14637680.html https://weaver.com.co/products/ecology/ https://www.cnvd.org.cn/flaw/show/CNVD-2021-33202 https://www.weaver.com.cn/ https://access.redhat.com/security/cve/cve-2025-34038

Patch

https://www.weaver.com.cn/e9/