## Weaver OA PluginViewServlet Authentication Bypass Vulnerability

|   **Vulnerability**  | **Weaver OA PluginViewServlet Authentication Bypass Vulnerability**  |
| :----:   | :-----|
| **Chinese name**  | 泛微OA办公系统 PluginViewServlet 认证绕过漏洞 |
| **CVSS core**  | 8.0 |
| **FOFA Query**  (click to view the results directly)| [(header="testBanCookie" \|\| banner="testBanCookie" \|\| body="/wui/common/css/w7OVFont.css" \|\| (body="typeof poppedWindow" && body="client/jquery.client_wev8.js") \|\| body="/theme/ecology8/jquery/js/zDialog_wev8.js" \|\| body="ecology8/lang/weaver_lang_7_wev8.js")](https://en.fofa.info/result?qbase64=KGhlYWRlcj0idGVzdEJhbkNvb2tpZSIgfHwgYmFubmVyPSJ0ZXN0QmFuQ29va2llIiB8fCBib2R5PSIvd3VpL2NvbW1vbi9jc3MvdzdPVkZvbnQuY3NzIiB8fCAoYm9keT0idHlwZW9mIHBvcHBlZFdpbmRvdyIgJiYgYm9keT0iY2xpZW50L2pxdWVyeS5jbGllbnRfd2V2OC5qcyIpIHx8IGJvZHk9Ii90aGVtZS9lY29sb2d5OC9qcXVlcnkvanMvekRpYWxvZ193ZXY4LmpzIiB8fCBib2R5PSJlY29sb2d5OC9sYW5nL3dlYXZlcl9sYW5nXzdfd2V2OC5qcyIp) |
| **Number of assets affected**  | 45034 |
| **Description**  | Weaver OA is a professional and powerful multi-functional office management software that supports mobile approval, attendance, query, sharing and other functions, effectively improving the user's office efficiency. There is an authentication bypass vulnerability in Panwei OA weaver.mobile.plugin.ecology.service.PluginViewServlet, and attackers can log in arbitrarily to obtain administrator privileges. |
| **Impact** | There is an authentication bypass vulnerability in Panwei OA weaver.mobile.plugin.ecology.service.PluginViewServlet, and attackers can log in arbitrarily to obtain administrator privileges. |

![](https://s3.bmp.ovh/imgs/2023/06/21/38cfb28426294995.gif)