From fbb45c1a3150460f759870719398a1af415814ff Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Wed, 21 Jun 2023 17:00:35 +0800 Subject: [PATCH] Create Weaver_E-office_Office_Automation_System_download.php_filename_file_read_vulnerability.md add Weaver E-office Office Automation System download.php filename file read vulnerability --- ..._download.php_filename_file_read_vulnerability.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 Weaver_E-office_Office_Automation_System_download.php_filename_file_read_vulnerability.md diff --git a/Weaver_E-office_Office_Automation_System_download.php_filename_file_read_vulnerability.md b/Weaver_E-office_Office_Automation_System_download.php_filename_file_read_vulnerability.md new file mode 100644 index 0000000..fb25efb --- /dev/null +++ b/Weaver_E-office_Office_Automation_System_download.php_filename_file_read_vulnerability.md 
@@ -0,0 +1,12 @@ +## Weaver E-office Office Automation System download.php filename file read vulnerability + +| **Vulnerability** | **Weaver E-office Office Automation System download.php filename file read vulnerability** | +| :----: | :-----| +| **Chinese name** | 泛微E-office协同办公系统 download.php 文件 filename 参数文件读取漏洞 | +| **CVSS core** | 5.0 | +| **FOFA Query** (click to view the results directly)| [((header="general/login/index.php" \|\| body="/general/login/view//images/updateLoad.gif" \|\| (body="szFeatures" && body="eoffice") \|\| header="Server: eOffice") && body!="Server: couchdb") \|\| banner="general/login/index.php"](https://en.fofa.info/result?qbase64=KChoZWFkZXI9ImdlbmVyYWwvbG9naW4vaW5kZXgucGhwIiB8fCBib2R5PSIvZ2VuZXJhbC9sb2dpbi92aWV3Ly9pbWFnZXMvdXBkYXRlTG9hZC5naWYiIHx8IChib2R5PSJzekZlYXR1cmVzIiAmJiBib2R5PSJlb2ZmaWNlIikgfHwgaGVhZGVyPSJTZXJ2ZXI6IGVPZmZpY2UiKSAmJiBib2R5IT0iU2VydmVyOiBjb3VjaGRiIikgfHwgYmFubmVyPSJnZW5lcmFsL2xvZ2luL2luZGV4LnBocCI%3D) | +| **Number of assets affected** | 4971 | +| **Description** | Weaver E-office Office Automation System is a professional office software, is for small business or team work platform. There are file reading vulnerabilities in the Weaver E-office Office Automation System.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website. | +| **Impact** | There are file reading vulnerabilities in the Weaver E-office Office Automation System.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website. | + +![](https://s3.bmp.ovh/imgs/2023/06/21/008f7969a69cf000.gif)
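Review bot: The advisory table has no row for affected versions, vendor fix or mitigation, so a reader who matches the FOFA query cannot tell whether they are exposed or what to do about it; add those rows after the **Impact** row. The **Impact** row repeats the **Description** text verbatim, and both list "database configuration files" twice and are missing a space in "System.Attackers"; keep the product summary in **Description** and state only the consequence in **Impact**. The header "**CVSS core**" looks like a typo for "CVSS score", and the 5.0 value is given without a CVSS version or vector string. The closing image line has empty alt text and points at a third-party image host, so the only supporting evidence in the file is uncaptioned and can disappear; give it descriptive alt text and commit the image to the repository.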