CNNVD-202506-3334 Information
CNNVD ID
CNNVD-202506-3334
Related CVE
- CNNVD Published: 2025-06-26
Description (Chinese)
Weaver E-Office是中国泛微科技(Weaver)公司的一个协同办公系统。 Weaver E-Office v9.4及之前版本存在安全漏洞,该漏洞源于对文件/general/index/UploadFile.php的错误操作导致未经验证的文件上传攻击。
Description (English)
Weaver E-Office is a coordinated office system of Weaver China. Weaver E-Office v. 9.4 and earlier versions had a security loophole, which arose out of a mishandling of the document/general/index/UploadFile.php resulting in an unverified document upload attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
泛微科技
Published
2025-06-26
Last Modified
2026-02-24
References
https://github.com/projectdiscovery/nuclei-templates/blob/main/ https://github.com/M0ge/CNVD-2021-49104-Fanwei-Eoffice-fileupload/blob/main/eoffice_fileupload.py https://www.cnvd.org.cn/flaw/show/CNVD-2021-49104 https://vulncheck.com/advisories/fanwei-eoffice-file-upload https://access.redhat.com/security/cve/cve-2025-34046
Patch
https://service.e-office.cn/download
Share on: