Description
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types. Attackers can upload PHP webshells to the Document directory and execute them via HTTP GET requests to achieve remote code execution as the web server user. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-10-10 (UTC).
Published: 2026-04-30
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Weaver E‑office versions prior to 10.0_20221201 are vulnerable to an unauthenticated arbitrary file upload attack that allows attackers to place malicious files, such as PHP webshells, in the Document directory. By accessing these files via HTTP GET requests, an attacker can execute commands on the web server with the server user’s privileges. The weakness is a classic insecure file upload flaw (CWE‑434).

Affected Systems

This flaw affects all installations of Weaver Network Co., Ltd. E‑office running versions earlier than 10.0_20221201. No sub‑product or module details are specified beyond the general product name and version threshold.

Risk and Exploitability

The CVSS score is 9.3, indicating a high‑severity vulnerability that grants remote code execution. The EPSS score is not available and the vulnerability is not yet listed in the CISA KEV catalog, but evidence of exploitation was observed by the Shadowserver Foundation on 2022‑10‑10. The attack vector is remote via HTTP, and no authentication or network restrictions are required, making the exploit highly feasible for adversaries with internet connectivity to the target system.

Generated by OpenCVE AI on May 1, 2026 at 05:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update E‑office to version 10.0_20221201 or later to remove the vulnerable OfficeServer.php endpoint.
  • Restrict the OfficeServer.php endpoint or disable file uploads entirely if an upgrade is not immediately possible.
  • Implement file type and size restrictions on any remaining upload functionality and configure the web server to run with the least privilege necessary.
  • Monitor network traffic for unexpected POST requests to OfficeServer.php and log uploaded files for forensic analysis.

Generated by OpenCVE AI on May 1, 2026 at 05:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Weaver
Weaver e-office
Vendors & Products Weaver
Weaver e-office

Thu, 30 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Description Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types. Attackers can upload PHP webshells to the Document directory and execute them via HTTP GET requests to achieve remote code execution as the web server user. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-10-10 (UTC).
Title Weaver E-office < 10.0_20221201 Unauthenticated Arbitrary File Read via XmlRpcServlet
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Weaver E-office
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-30T18:24:11.947Z

Reserved: 2026-04-29T18:22:05.872Z

Link: CVE-2022-50993

cve-icon Vulnrichment

Updated: 2026-04-30T18:24:07.804Z

cve-icon NVD

Status : Deferred

Published: 2026-04-30T17:16:24.800

Modified: 2026-04-30T17:19:57.853

Link: CVE-2022-50993

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T08:21:16Z

Weaknesses