Create Weaver_OA_PluginViewServlet_Authentication_Bypass_Vulnerability.md

add Weaver OA PluginViewServlet Authentication Bypass Vulnerability
Goby 2023-06-21 17:24:13 +08:00 committed by GitHub
parent b6751e531f
commit 8d81c91b5c


@ -0,0 +1,12 @@
## Weaver OA PluginViewServlet Authentication Bypass Vulnerability
| **Vulnerability** | **Weaver OA PluginViewServlet Authentication Bypass Vulnerability** |
| :----: | :-----|
| **Chinese name** | 泛微OA办公系统 PluginViewServlet 认证绕过漏洞 |
| **CVSS core** | 8.0 |
| **FOFA Query** (click to view the results directly)| [(header="testBanCookie" \|\| banner="testBanCookie" \|\| body="/wui/common/css/w7OVFont.css" \|\| (body="typeof poppedWindow" && body="client/jquery.client_wev8.js") \|\| body="/theme/ecology8/jquery/js/zDialog_wev8.js" \|\| body="ecology8/lang/weaver_lang_7_wev8.js")](https://en.fofa.info/result?qbase64=KGhlYWRlcj0idGVzdEJhbkNvb2tpZSIgfHwgYmFubmVyPSJ0ZXN0QmFuQ29va2llIiB8fCBib2R5PSIvd3VpL2NvbW1vbi9jc3MvdzdPVkZvbnQuY3NzIiB8fCAoYm9keT0idHlwZW9mIHBvcHBlZFdpbmRvdyIgJiYgYm9keT0iY2xpZW50L2pxdWVyeS5jbGllbnRfd2V2OC5qcyIpIHx8IGJvZHk9Ii90aGVtZS9lY29sb2d5OC9qcXVlcnkvanMvekRpYWxvZ193ZXY4LmpzIiB8fCBib2R5PSJlY29sb2d5OC9sYW5nL3dlYXZlcl9sYW5nXzdfd2V2OC5qcyIp) |
| **Number of assets affected** | 45034 |
| **Description** | Weaver OA is a professional and powerful multi-functional office management software that supports mobile approval, attendance, query, sharing and other functions, effectively improving the user's office efficiency. There is an authentication bypass vulnerability in Panwei OA weaver.mobile.plugin.ecology.service.PluginViewServlet, and attackers can log in arbitrarily to obtain administrator privileges. |
| **Impact** | There is an authentication bypass vulnerability in Panwei OA weaver.mobile.plugin.ecology.service.PluginViewServlet, and attackers can log in arbitrarily to obtain administrator privileges. |
![](https://s3.bmp.ovh/imgs/2023/06/21/38cfb28426294995.gif)
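Review bot: the table has a typo and an inconsistent product name: the `**CVSS core**` label should read `**CVSS score**`, and the Description and Impact cells call the product "Panwei OA" while the title, the Vulnerability row and the first sentence of Description call it "Weaver OA"; pick the catalog's English name (Weaver OA, with the Chinese name already recorded in its own row) and use it throughout. The `**Impact**` cell repeats the last sentence of `**Description**` word for word, so it adds nothing; either drop it or fill it with the information the entry is still missing, such as the affected versions and a reference to the vendor fix or advisory. The closing image is an external link to a third-party image host rather than a file in the repository, so the entry will lose it if that host goes away; storing it alongside the markdown keeps the entry self-contained.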